bit-tech.net

Old 19th Jul 2010, 10:12   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Join Date: Apr 2007
Posts: 11,339
Critical Windows flaw uncovered

http://www.bit-tech.net/news/bits/20...aw-uncovered/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
Old 19th Jul 2010, 10:19   #2
proxess
Hypermodder
 
Join Date: Nov 2006
Location: Zeist, Netherlands
Posts: 975
Ouch. Tho it doesn't seem that bad on Windows 7, autorun is off by default. What about XP and Vista? Is it the same on these? I bet Windows ME is safe on this one.
__________________
Laptop: i7 4800MQ 2.7GHz (~3.7GHz); 2x 4GB Kingston HyperX Genesis 1600MHz; Nvidia 780M 4GB; Crucial M4 256GB SSD; Ubuntu 14.04 x64 and Windows 8.1 x64.
Ubuntu #8076 / Linux #429448
Old 19th Jul 2010, 10:45   #3
leexgx
CPC hang out zone (i Fix pcs i do )
 
Join Date: Jun 2006
Location: uk
Posts: 1,239
not an auto run bug, short cut bug (read the last part)
__________________
i7-920 (4Ghz) <> Titian ferna <> Rampage extreme III<> GTX480 <> 6gb 3x2gb OCZ Gold 1600 <> SSD M225 256gb / segate .11 1.5TB <> X-Fi Titanium Fatal1ty <> TK 1000w Toughpower <win7 x64> GreenFrog Computers Warrington
Old 19th Jul 2010, 12:09   #4
perplekks45
LIKE AN ANIMAL!
 
Join Date: May 2004
Location: Offenbach, Germany
Posts: 4,665
Not a severe bug, just don't use .lnk files...
Still they should patch that as quickly as possible, Joe Average ain't the sharpest tool in the box.
__________________
The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far.
ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn
Iä! Iä! Cthulhu fhtagn!
Old 19th Jul 2010, 13:02   #5
Jack_Pepsi
Clan BeeR Founder
 
Join Date: Apr 2006
Location: In the sticks, UK
Posts: 646
It doesn't matter at all for the average user, it's already too late for them and their ignorance. They'll continue to use Limewire blissfully unaware. The majority believe that the scare-ware AV software that's doing the rounds is actually their AV.

Tell them that shortcut icons can be exploited and they'll go around deleting everything.
__________________
During the rectification of the Vuldronaii the Traveler came as a large, moving Torb. Then, during the third reconciliation of the last of the Meketrex supplicants they chose a new form for him—that of a giant Sloar. Many Shubs and Zuuls knew what it was to be roasted in the depths of the Sloar that day, I can tell you.
Old 19th Jul 2010, 14:44   #6
DarkLord7854
Pew pew lazerz
 
Join Date: Jun 2005
Location: Stockholm, Sweden
Posts: 4,643
Quote:
Originally Posted by Jack_Pepsi View Post
Tell them that shortcut icons can be exploited and they'll go around deleting everything.
I have to admit that the thought of telling someone that and seeing them do that would be highly entertaining and thoroughly amusing
__________________
Asus P9X79 Deluxe | i7 3930K | 2x Asus GTX760 | 3x OCZ Agility3 240GB SSD - 1x WB Black 1Tb | G.Skill Ripjaws Z 32GB DDR3-1866 | Creative XtremeGamer X-Fi | Thermaltake Level10GT
Old 19th Jul 2010, 14:50   #7
Jack_Pepsi
Clan BeeR Founder
 
Join Date: Apr 2006
Location: In the sticks, UK
Posts: 646
That it would.

Old 19th Jul 2010, 17:08   #8
HourBeforeDawn
a.k.a KazeModz
 
Join Date: Oct 2006
Location: Cali, USA
Posts: 2,637
I'm confused, I thought they released an update a while back that stopped Auto Run from starting to stop or slow down that one cornflickerwhatever virus? I know when I plug in removable media nothing happens until I go and actually open it.
__________________
Current Rig: Project STEALTH
• DimasTech Test Bench • Black ICE Triple 120 Rad • Dual Bay Res/Pump • DD Fill Port & Res • D-Tek FuZion 2 CPU Block • ASUS M3A79-T Deluxe Mobo • AMD Phenom II 3ghz @ 4ghz • 8gb DDR2-1100 Memory • (2) AMD 6870 XFire • (2) WD Black 640gb Raid 0 • (2) 1.5TB SEAGATE • Blu-Ray/HD DVD Drive • ASUS XONAR DX2 • 30" DOUBLESIGHT LCD • (2) 23" ASUS LCD • ZALMAN 8 FAN CONTROLLER • (4) NOCTUA P12 • (2) NOCTUA P14 • 1000W ZALMAN PSU • WINDOWS 7 PRO 64 •
Old 19th Jul 2010, 19:17   #9
Jim
Ineptimodder
 
Join Date: Sep 2007
Location: UK
Posts: 265
Quote:
Originally Posted by Jack_Pepsi
Tell them that shortcut icons can be exploited and they'll go around deleting everything.
I can't delete Recycle Bin! Help!

Old 19th Jul 2010, 20:01   #10
Grimloon
Usually bugnuts
 
Join Date: Sep 2008
Location: Licolnshire, UK
Posts: 781
Quote:
Originally Posted by perplekks45 View Post
Not a severe bug, just don't use .lnk files...
Still they should patch that as quickly as possible, Joe Average ain't the sharpest tool in the box.
Congratulations! You just won the understatement of the year award!

A fix would be very nice (right now, please?) as one of our users almost had a call logged today as "Too blonde to use scanner - clue-by-4 required" (I get in trouble for that sort of thing, it's considered unprofessional) and I shudder to think what the blind clicking on the "Yes" button can cause if this flaw goes unpatched.

Much as I detest patch Tuesday it serves a purpose and this bunny should be right up there on the list as "Critical".
Old 19th Jul 2010, 21:26   #11
thehippoz
Banned
 
Join Date: Dec 2008
Location: Fresno, CA
Posts: 5,780
ah yeah autorun.inf trojaning.. I used to silk rope trojan onto the setup (granted this was a long time ago when autorun was on by default).. it was a guaranteed thing as soon as they put in the disk

my messenger would pop and the ip would be in the irc channel.. oh those were the days- I dunno if you guys remember the oob nuke on windows 95.. you nuke whole groups of people on the internet by hitting blocks of ip's randomly and make their rigs bsod xD

the av software has gotten pretty good.. you're more prone to phishing someone's info than getting a trojan installed successfully.. human error will always be the biggest factor

anyone running the uac full up and tests the software they install in a vm beforehand- they'll have no problems for the most part

I'd like to see that in the next version of windows.. a feature like in acronis true image home- where you're able to install something and 'revert' back instead of relying on backups.. the restore does an ok job but a lot of times they just erase the restore points

I do think many of the trojans written today are by the av companies.. they gotta keep the wheel greased- they also aren't fond of the uac.. but microsoft default on the uac in windows 7 is pretty shitty- you have to turn it up to get any real use out of it.. it should be on or off
Old 19th Jul 2010, 21:49   #12
MrZephyr
Minimodder
 
Join Date: Dec 2009
Posts: 20
Check out the US-CERT website, they say there is a workaround available:

http://www.us-cert.gov/current/index..._vulnerability

Microsoft Windows LNK Vulnerability
added July 16, 2010 at 10:08 am | updated July 19, 2010 at 09:02 am

US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts," as references to files or applications.

By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.

Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are encouraged to review the advisory and consider implementing the workarounds listed to reduce the threat of known attack vectors. Please note that implementing these workarounds may affect functionality. The workarounds include

* disabling the display of icons for shortcuts
* disabling the WebClient service

In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, US-CERT encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

* Disable AutoRun as described in Microsoft Support article 967715.
* Implement the principle of least privilege as defined in the Microsoft TechNet Library.
* Maintain up-to-date antivirus software.

Additional information can be found in the US-CERT Vulnerability Note VU#940193.

US-CERT will provide additional information as it becomes available.
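The workarounds and best-practice measures listed in the US-CERT note quoted in post #12 can be checked on a host without changing anything. The PowerShell audit below is an added example, not part of the thread or of the advisory; the registry paths and value names are not given on this page and are assumed from Microsoft's documentation of these settings, so confirm them against Advisory 2286198 and Support article 967715 (PowerShell 3.0 or later assumed).

```powershell
# Added example: read-only audit, makes no changes to the system.
# ASSUMPTION: the registry paths and value names below do not appear in the
# thread; they are the documented Windows locations for these settings.

function Test-ShortcutIconWorkaround {
    # Workaround: display of icons for shortcuts disabled (icon handler cleared).
    $key = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler'
    if (-not (Test-Path -LiteralPath $key)) {
        $mitigated = $true
        $detail = 'IconHandler key absent'
    } else {
        # GetValue('') reads the key's (Default) value.
        $handler = (Get-Item -LiteralPath $key).GetValue('')
        $mitigated = [string]::IsNullOrEmpty($handler)
        $detail = if ($mitigated) { 'handler value cleared' } else { "handler registered: $handler" }
    }
    [pscustomobject]@{ Check = 'Shortcut icon display'; Mitigated = $mitigated; Detail = $detail }
}

function Test-WebClientDisabled {
    # Workaround: WebClient service disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $mitigated = $true
        $detail = 'service not installed'
    } else {
        $mitigated = ($svc.StartMode -eq 'Disabled')
        $detail = "StartMode=$($svc.StartMode), State=$($svc.State)"
    }
    [pscustomobject]@{ Check = 'WebClient service'; Mitigated = $mitigated; Detail = $detail }
}

function Test-AutoRunDisabled {
    # Best practice: AutoRun disabled. Each set bit in NoDriveTypeAutoRun
    # turns AutoRun off for one drive type; 0xFF covers all of them.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $driveTypes = [ordered]@{ Removable = 0x04; Fixed = 0x08; Network = 0x10; CDROM = 0x20; RAMDisk = 0x40 }
    $prop = Get-ItemProperty -LiteralPath $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $mitigated = $false
        $detail = 'policy value not set; operating system default applies'
    } else {
        $mask = [int]$prop.NoDriveTypeAutoRun
        # Drive types whose bit is clear still have AutoRun enabled.
        $stillOn = @($driveTypes.Keys | Where-Object { -not ($mask -band $driveTypes[$_]) })
        $mitigated = ($stillOn.Count -eq 0)
        $detail = 'mask=0x{0:X2}' -f $mask
        if (-not $mitigated) { $detail += '; AutoRun still on for: ' + ($stillOn -join ', ') }
    }
    [pscustomobject]@{ Check = 'AutoRun policy'; Mitigated = $mitigated; Detail = $detail }
}

# Run all three checks and show one row per mitigation.
@(
    Test-ShortcutIconWorkaround
    Test-WebClientDisabled
    Test-AutoRunDisabled
) | Format-Table -AutoSize -Wrap
```

A row with `Mitigated = False` means that measure is not in place on the host; as the note says, applying the workarounds may affect functionality, which is why the script only reports.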
Old 19th Jul 2010, 21:58   #13
Altron
LIKE A BAUCE!!!!
 
Join Date: Dec 2002
Location: an island on the Hudson
Posts: 3,183
Quote:
Originally Posted by snootyjim
Quote:
Originally Posted by Jack_Pepsi
Tell them that shortcut icons can be exploited and they'll go around deleting everything.
I can't delete Recycle Bin! Help!

Would deleting the recycle bin be the same as dividing by zero?
__________________
If this post is not up to your standards, please lower your standards.

e^i(pi)+1=0
Old 19th Jul 2010, 23:19   #14
Grimloon
Usually bugnuts
 
Join Date: Sep 2008
Location: Licolnshire, UK
Posts: 781
Quote:
Originally Posted by Altron View Post
Would deleting the recycle bin be the same as dividing by zero?
I wish! The implosion in the space time continuum caused should be localised and therefore only eliminate the specific perpetrator rather than the whole universe. We can, at least, hope that this would be the case.

Quote:
Originally Posted by MrZephyr View Post
*snip*
Full credit for the rational approach. We're talking about end users here - "To click or not to click, that is the question. Whether 'tis nobler..." (I sincerely apologise for seriously mauling that quote but I hope that you get the picture I'm seeing at the moment). The rational, secure approach is for the geeks/network techs. For everyone else it's simply a case of "What happens if I click on this?" and some bugger else has to clean up the mess.
Old 20th Jul 2010, 00:35   #15
DarkLord7854
Pew pew lazerz
 
Join Date: Jun 2005
Location: Stockholm, Sweden
Posts: 4,643
Quote:
Originally Posted by Altron View Post
Would deleting the recycle bin be the same as dividing by zero?
If I recall actually, a lot of people had problems with deleting their recycle bin and then couldn't get it back
Old 20th Jul 2010, 00:59   #16
807
Minimodder
 
Join Date: Jul 2010
Location: Yorkshire, UK
Posts: 30
Quote:
Originally Posted by Altron View Post
Would deleting the recycle bin be the same as dividing by zero?
- err yes ! - unless you SHIFT DELETE - then it's like multiplying by zero !
Old 20th Jul 2010, 01:31   #17
thehippoz
Banned
 
Join Date: Dec 2008
Location: Fresno, CA
Posts: 5,780
Quote:
Originally Posted by MrZephyr View Post
Check out the US-CERT website, they say there is a workaround available:

http://www.us-cert.gov/current/index..._vulnerability

Microsoft Windows LNK Vulnerability
added July 16, 2010 at 10:08 am | updated July 19, 2010 at 09:02 am

US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts," as references to files or applications.

By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.

Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are encouraged to review the advisory and consider implementing the workarounds listed to reduce the threat of known attack vectors. Please note that implementing these workarounds may affect functionality. The workarounds include

* disabling the display of icons for shortcuts
* disabling the WebClient service

In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, US-CERT encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:

* Disable AutoRun as described in Microsoft Support article 967715.
* Implement the principle of least privilege as defined in the Microsoft TechNet Library.
* Maintain up-to-date antivirus software.

Additional information can be found in the US-CERT Vulnerability Note VU#940193.

US-CERT will provide additional information as it becomes available.
wow that's pretty bad.. you just have to view the lnk in the explorer to execute the code.. so it's to do with executing the code through an overflow when it goes to load the icon

man that's sick.. you can't even view a file without getting it up the yahoo.. something like this would have been caught on open source a long time ago
Old 20th Jul 2010, 03:00   #18
Altron
LIKE A BAUCE!!!!
 
Join Date: Dec 2002
Location: an island on the Hudson
Posts: 3,183
Quote:
Originally Posted by 807 View Post
- err yes ! - unless you SHIFT DELETE - then it's like multiplying by zero !
Whoa. Dude. It's like there is a recycle bin in the recycle bin. Like, the circle of life, bro. Far out, man. It's like a double rainbow.
Old 20th Jul 2010, 09:52   #19
proxess
Hypermodder
 
Join Date: Nov 2006
Location: Zeist, Netherlands
Posts: 975
Quote:
Originally Posted by leexgx View Post
not an auto run bug, short cut bug (read the last part)
I did read it all, assuming you know what shortcuts you have on your desktop...
Old 20th Jul 2010, 14:27   #20
leexgx
CPC hang out zone (i Fix pcs i do )
 
Join Date: Jun 2006
Location: uk
Posts: 1,239
but the point is just viewing the shortcut (not clicking on it, just the file in the list) seems to be able to trigger the issue. Got to be the worst type of bug I have ever seen (OK, msblaster was the best one :P for users who lacked a router or just did not enable the Windows firewall, as that can stop it as well)
All times are GMT +1.