Discussion in 'Article Discussion' started by CardJoe, 19 Jul 2010.
Ouch. Tho it doesn't seem that bad on Windows 7, autorun is off by default. What about XP and Vista? Is it the same on these? I bet Windows ME is safe on this one.
not an auto run bug, short cut bug (read the last part)
Not a severe bug, just don't use .lnk files...
Still they should patch that as quickly as possible, Joe Average ain't the sharpest tool in the box.
It doesn't matter at all for the average user, it's already too late for them and their ignorance. They'll continue to use Limewire blissfully unaware. The majority believe that the scare-ware AV software that's doing the rounds is actually their AV.
Tell them that shortcut icons can be exploited and they'll go around deleting everything.
I have to admit that the thought of telling someone that and seeing them do that would be highly entertaining and thoroughly amusing
That it would.
Im confused I thought they released an Update a while back that stopped Auto Run from starting to stop or slowdown that one cornflickerwhatever virus? I know when I plug in removable media nothing happens until I go and actually open it.
I can't delete Recycle Bin! Help!
Congratulations! You just won the understatement of the year award!
A fix would be very nice (right now, please?) as one of our users almost had a call logged today as "Too blonde to use scanner - clue-by-4 required" (I get in trouble for that sort of thing, it's considered unprofessional) and I shudder to think what can be done by the blind clicking on the "Yes" button can cause if this flaw goes unpatched.
Much as I detest patch Tuesday it serves a purpose and this bunny should be right up there on the list as "Critical".
ah yeah autorun.inf trojaning.. I used to silk rope trojan onto the setup (granted this was a long time ago when autorun was on by default).. it was a guaranteed thing as soon as they put in the disk
my messenger would pop and the ip would be in the irc channel.. oh those were the days- I dunno if you guys remember the oob nuke on windows 95.. you nuke whole groups of people on the internet by hitting blocks of ip's randomly and make their rigs bsod xD
the av software has gotten pretty good.. your more prone to phishing someone's info than getting a trojan installed successfully.. human error will always be the biggest factor
anyone running the uac full up and tests the software they install in a vm beforehand- they'll have no problems for the most part
I'd like to see that in the next version of windows.. a feature like in acronis true image home- where your able to install something and 'revert' back instead of relying on backups.. the restore does an ok job but a lot of times they just erase the restore points
I do think many of the trojans written today are by the av companies.. they gotta keep the wheel greased- they also aren't fond of the uac.. but microsoft default on the uac in windows 7 is pretty shitty- you have to turn it up to get any real use out of it.. it should be on or off
Check out the US-CERT website, they say there is a workaround available:
Microsoft Windows LNK Vulnerability
added July 16, 2010 at 10:08 am | updated July 19, 2010 at 09:02 am
US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts," as references to files or applications.
By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code that would give the attacker the privileges of the user. Viewing the location of an LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive is connected, thus opening the location of the LNK and triggering the vulnerability. Other applications that display file icons can be used as an attack vector for this vulnerability as well. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.
Microsoft has released Microsoft Security Advisory 2286198 in response to this issue. Users are encouraged to review the advisory and consider implementing the workarounds listed to reduce the threat of known attack vectors. Please note that implementing these workarounds may affect functionality. The workarounds include
* disabling the display of icons for shortcuts
* disabling the WebClient service
In addition to implementing the workarounds listed in Microsoft Security Advisory 2286198, US-CERT encourages users and administrators to consider implementing the following best practice security measures to help further reduce the risks of this and other vulnerabilities:
* Disable AutoRun as described in Microsoft Support article 967715.
* Implement the principle of least privilege as defined in the Microsoft TechNet Library.
* Maintain up-to-date antivirus software.
Additional information can be found in the US-CERT Vulnerability Note VU#940193.
US-CERT will provide additional information as it becomes available.
Would deleting the recycle bin be the same as dividing by zero?
I wish! The implosion in the space time continuum caused should be localised and therefore only eliminate the specific perpetrator rather than the whole universe. We can, at least, hope that this would be the case.
Full credit for the rational approach. We're talking about end users here - "To click or not to click, that is the question. Whether 'tis nobler..." (I sincerely apologise for seriously mauling that quote but I hope that you get the picture I'm seeing at the moment). The rational, secure approach is for the geeks/network techs. For everyone else it's simply a case of "What happens if I click on this?" and some bugger else has to clean up the mess.
If I recall actually, a lot of people had problems with deleting their recycle bin and then couldn't get it back
wow that's pretty bad.. you just have to view the lnk in the explorer to execute the code.. so it's to do with executing the code through an overflow when it goes to load the icon
man that's sick.. you can't even view a file without getting it up the yahoo something like this would have been caught on open source a long time ago
Whoa. Dude. It's like there is a recycle bin in the recycle bin. Like, the circle of life, bro. Far out, man. It's like a double rainbow.
I did read it all, assuming you know what shortcuts you have on your desktop...
but the point is just viewing the shortcut (not clicking on it just the file in the list) seems to be able to trigger the issue got to be the Worst type of bug i have ever seen (ok msblaster was the best one for users who lacked an router or just not enable the windows firewall as that can stop it as well)
In windows 95, you could install applications in the recycle bin... And never be able to remove them anymore.
Separate names with a comma.