Free Republic
Tool Blunts Threat from Windows Shortcut Flaw
Krebs on Security ^

Posted on 07/21/2010 5:39:02 AM PDT by Gomez

Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows.

Last week, KrebsOnSecurity.com reported that security researchers in Belarus had found a sophisticated strain of malware that was exploiting a previously unknown flaw in the way Windows handles shortcut files. Experts determined that the malware exploiting the vulnerability was being used to attack computers that interact with networks responsible for controlling the operations of large, distributed and very sensitive systems, such as manufacturing and power plants.

When Microsoft initially released an advisory acknowledging the security hole last week, it said customers could disable the vulnerable component by editing the Windows registry. Trouble is, editing the registry can be a dicey affair for those less experienced working under the hood in Windows because one errant change can cause system-wide problems.

But in an updated advisory posted Tuesday evening, Microsoft added instructions for using a much simpler, point-and-click “FixIt” tool to disable the flawed Windows features. That tool, available from this link, allows Windows users to nix the vulnerable component by clicking the “FixIt” icon, following the prompts, and then rebooting the system.

Be advised, however, that making this change could make it significantly more difficult for regular users to navigate their computer and desktop, as it removes the graphical representation of icons on the Task bar and Start menu bar and replaces them with plain, white icons.

For instance, most Windows users are familiar with these icons:

[image: the usual Start menu and Taskbar icons]

According to Microsoft, after applying this fix, those icons will be replaced with nondescript (and frankly ugly) placeholders that look like this:

[image: the plain white placeholder icons]

There are currently no signs that this vulnerability is being used in anything but targeted attacks against some very important targets. That said, the situation could change rapidly soon. For one thing, a proof-of-concept exploit is now publicly available and embedded into open-source attack tools. And while initial reports suggested the primary means of exploiting this flaw required someone to introduce a strange USB device into their system, experts have since shown that the exploit can also be used to spread and launch malicious programs over network shares.

The SANS Internet Storm Center on Monday made the relatively rare decision to change its threat warning level to yellow over this vulnerability, warning that “wide-scale exploitation is only a matter of time.”

“The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch,” SANS incident handler Lenny Zeltser wrote. “Furthermore, anti-virus tools’ ability to detect generic versions of the exploit have not been very effective so far.”

Both of these potential exploit paths probably make this vulnerability far more dangerous for corporate and business users than for home users. That said, having ugly Start Menu and Taskbar icons for a few weeks until Microsoft issues a real fix for this flaw may be a small price to pay for peace of mind. Also, the FixIt changes can be undone simply by visiting this link and clicking the FixIt icon under the “Disable This Workaround” heading.

Further reading:

Siemens: German Customer Hit by Industrial Worm

Mitigating Link Exploitation with Ariad

ICS-CERT: USB Malware Targeting Siemens Control Software (PDF)


TOPICS: Computers/Internet
KEYWORDS: lowqualitycrap; microsofttax
To: antiRepublicrat; driftdiver; PugetSoundSoldier
It easily refutes the insinuation you made with the "first to be hacked" comment. OS X was in fact not easier to hack, but harder since the OS X hack took weeks of advance work to pull off.

I was wondering how the "Mac OS X is more secure" crowd was going to respond to being the first hacked several times in a row. But what you are ignoring is that these exploits have been known for a long time and yet Apple has not fixed them. The fact that they hacked them in advance AND Apple knew they were there doesn't speak very well of their ability to patch products.

Before these contests the macbot mantra was "it's unbreakable." Then, after seeing they were the first hacked, it's now "but it took a lot of planning to make the Mac the first to be hacked."

Ok...whatever helps you sleep at night I guess. But it's obvious to anyone that is concerned about security over a company doing well--it's not secure.

21 posted on 07/21/2010 10:08:35 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 19 | View Replies]

To: for-q-clinton
But what you are ignoring is that these exploits have been known for a long time and yet Apple has not fixed them.

2008 exploit: patched with Safari 3.1.1
2009 exploit: patched with Safari 3.2.3
2010 exploit: patched with CVE-2010-1120

The fact that they hacked them in advance AND apple knew they were doesn't speak very well of their ability to patch products.

The contest is part of TippingPoint's Zero Day Initiative. Being zero-day, the vulnerabilities by definition had not been previously reported to any vendor. TippingPoint reported the vulnerabilities to the appropriate vendors after the contest.

You're 0 for 2 in your first paragraph. That might be some kind of record for you.

22 posted on 07/21/2010 10:41:58 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 21 | View Replies]

To: antiRepublicrat
> They forget that while OS X has 50+ million users, people wrote highly successful malware for pre-OS X MacOS,

But this proves my point, MS architecture is fatally flawed and IT IS THE BUSINESS CULTURE OF MS WHICH WILL NEVER CHANGE THIS.

As you mention above, the non-Unix Mac OS had numerous exploits (and I have been a victim of this myself). But Apple was willing to admit that their proprietary OS was poorly designed, and was willing to replace it with a superior architecture primarily developed by others outside of Apple because it is the "best of breed" technology.

> for other product populations with numbers well under a million.

You have to factor all Un*x (real and cloned) into the user base since they all have the same basic design. And as for the Safari exploit, as I mentioned earlier, it only hijacks a single user's account, while the vast majority of Windows exploits result in complete control of the system.

23 posted on 07/21/2010 11:36:15 AM PDT by SecondAmendment (Restoring our Republic one Post at a Time)
[ Post Reply | Private Reply | To 17 | View Replies]

To: SecondAmendment
But this proves my point,

And mine, too, that the lack of effective self-replicating malware in the wild for OS X is NOT because of the low marketshare.

OS 9 had such a poor security architecture that developer tools for it specialized in catching potential memory writes outside of the program's address space. As you know, that's a common method of exploiting a system, and it was easy to do just by accident.

Personally, I'd love to see a full-blown OS based on a true microkernel like Minix or seL4. The latter has even been subjected to a formal proof of its function. That's enough to get EAL7 certified, something no other operating system has achieved.

24 posted on 07/21/2010 12:06:10 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 23 | View Replies]

To: antiRepublicrat

Oh, I see you are referring to a different contest than the one I was. I didn't know TippingPoint had one as well. Good to know...there are two different contests where Mac is leading the fail.

Nice to know.


25 posted on 07/22/2010 7:02:34 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 22 | View Replies]

To: SecondAmendment

Which version of windows are you referring to?


26 posted on 07/22/2010 7:04:09 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 23 | View Replies]

To: antiRepublicrat

I see where TippingPoint was a sponsor of Pwn2Own. So are you referring to the same one as I am?

If so, the person who hacked the Mac listed several exploits in ADVANCE, telling Apple they have serious issues, and they failed to fix it. So he used one of those hacks to win the contest. There were several more that he had queued up. I believe that's how he won it a couple of years in a row.

While Apple is patching after the fact you think they would fix it BEFORE hand.


27 posted on 07/22/2010 7:08:31 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 25 | View Replies]

To: antiRepublicrat

Well let’s see what the person who actually hacked the Mac has to say:

http://blogs.computerworld.com/15605/hacker_pwn2own_organizer_windows_7_is_safer_than_snow_leopard

And what the organizer of Pwn2Own says is in there as well.

They both agree at worst Windows 7 is as secure as Snow Leopard. At best it is better.


28 posted on 07/22/2010 7:11:40 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 24 | View Replies]

To: for-q-clinton

I already see you’re perfectly willing to lie right here. Two lies smacked down in the same paragraph. And now you still claim to have knowledge of the situation?


29 posted on 07/22/2010 7:49:05 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 28 | View Replies]

To: for-q-clinton

We are referring to the same contest. The vulnerabilities are reported to the vendors AFTER the contest.

Safari, based on the open source WebKit, seems to be a serious problem. I hope all the other companies using WebKit wake up. Of course, ASLR and DEP didn’t help IE 8 from letting a hack either. Everybody needs to look to Chrome, which was never compromised.


30 posted on 07/22/2010 8:03:30 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 25 | View Replies]

To: antiRepublicrat
Everybody needs to look to Chrome, which was never compromised.

Chrome really wasn't attempted to be hacked though. I believe they were a late attender to the festivities.

Charlie Miller has said he had a list of 25 hacks (or something like that) and has encouraged Apple to take security seriously or he will continue to win that contest with those 25 hacks, releasing one per year.

So while the hack is announced to Apple after the contest, he told them BEFOREHAND that he has 25 exploits and has had them for a long while.

31 posted on 07/22/2010 8:17:40 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 30 | View Replies]

To: antiRepublicrat

How is posting a link to what two professional hackers have to say about OSX a lie?

I guess you have to resort to name calling when you lose the battle of facts.


33 posted on 07/22/2010 8:19:06 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 29 | View Replies]

To: for-q-clinton
Chrome really wasn't attempted to be hacked though. I believe they were a late attender to the festivities.

Win7/Chrome was the configuration of one of the four target computers for the entire contest. It was eligible for the prize money if hacked, just like the rest.

Charlie Miller has said he had a list of 25 hacks (or something like that) and has encouraged Apple to take security seriously or he will continue to win that contest with those 25 hacks, releasing one per year.

Given your prior history, you have to show me proof of that. Apple released a patch covering a bunch of Safari security bugs just before the last contest. It's pretty obvious they did it so Safari wouldn't get hacked again. So you're telling me they purposely didn't fix just Miller's submissions knowing that not doing so would result in him hacking Safari again?

Miller also has a hard-on for DEP and ASLR; they are his main focus for talking about the Mac. He is right about the advantages they bring and that Apple could do more work to implement them better. But he forgets that many common Windows apps don't support them fully anyway, or even at all. You see, Windows apps have to be written specifically to support DEP and ASLR, or they don't get the security advantages. So the real-world security of your average Windows user isn't improved all that much by DEP and ASLR.

34 posted on 07/22/2010 8:49:47 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 31 | View Replies]
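As an added illustration of the opt-in point made in the post above (this is not code from the thread, from Microsoft, or from Krebs): a small Python checker that reads a PE image's optional-header DllCharacteristics to see whether an executable was linked with the DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE) flags. The flag values and header offsets are the documented PE constants; the sample image is constructed inline and is not a real program.

```python
import struct

# Documented PE DllCharacteristics bits a linker sets when an image opts in.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image is DEP-compatible


def pe_mitigations(data: bytes) -> dict:
    """Return {"dep": bool, "aslr": bool} from a PE image's DllCharacteristics.

    Only the per-image opt-in is inspected; a system-wide DEP policy (AlwaysOn)
    or 64-bit processes can still get DEP without the flag being set.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                                     # skip 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def images_missing_mitigations(images: dict) -> list:
    """Given {name: bytes}, list the images that did not opt in to both DEP and ASLR."""
    return sorted(n for n, d in images.items() if not all(pe_mitigations(d).values()))


def build_sample_pe(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32 header (no sections, no code) for demonstration only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte opt header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hardened = build_sample_pe(IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    legacy = build_sample_pe(0)
    print(images_missing_mitigations({"hardened.exe": hardened, "legacy.exe": legacy}))
```

Pointing the same function at real files on disk (for example, `pe_mitigations(open(path, "rb").read())`) gives a quick inventory of which third-party applications on a Windows host actually benefit from DEP and ASLR.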

To: for-q-clinton
I guess you have to resort to name calling when you lose the battle of facts.

You just lost the battle of facts by posting two provably false statements.

35 posted on 07/22/2010 8:58:25 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 33 | View Replies]
