

Tool Blunts Threat from Windows Shortcut Flaw
Krebs on Security

Posted on 07/21/2010 5:39:02 AM PDT by Gomez

Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows.

Last week, KrebsOnSecurity.com reported that security researchers in Belarus had found a sophisticated strain of malware that was exploiting a previously unknown flaw in the way Windows handles shortcut files. Experts determined that the malware exploiting the vulnerability was being used to attack computers that interact with networks responsible for controlling the operations of large, distributed and very sensitive systems, such as manufacturing and power plants.

When Microsoft initially released an advisory acknowledging the security hole last week, it said customers could disable the vulnerable component by editing the Windows registry. Trouble is, editing the registry can be a dicey affair for those less experienced working under the hood in Windows because one errant change can cause system-wide problems.

But in an updated advisory posted Tuesday evening, Microsoft added instructions for using a much simpler, point-and-click “FixIt” tool to disable the flawed Windows features. That tool, available from this link, allows Windows users to nix the vulnerable component by clicking the “FixIt” icon, following the prompts, and then rebooting the system.

Be advised, however, that making this change can make it noticeably harder for ordinary users to find their way around the desktop: because the workaround stops Windows from loading the shortcut icon handler, every .lnk and .pif shortcut (on the desktop, in the Taskbar and in the Start menu) loses its graphical icon and is drawn with a plain white placeholder instead.

For instance, most Windows users are familiar with these icons:

According to Microsoft, after applying this fix, those icons will be replaced with nondescript (and frankly ugly) placeholders that look like this:
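The registry workaround described above, and the second workaround that addresses the network-share spread mentioned further down (disabling the WebClient/WebDAV service), as an added PowerShell example. This is not the article's text, not Microsoft's FixIt, and not code from any of the linked write-ups; it reproduces the two workarounds Microsoft Security Advisory 2286198 described (clearing the (Default) value of the lnkfile and piffile IconHandler keys, and disabling WebClient), takes a registry backup first, and adds an audit function so you can tell whether a machine already has the workaround in place. The key paths and the CLSID are the real ones; the function names, the backup directory and the overall layout are my own.

```powershell
# Added example: applies, checks and reverts the CVE-era shortcut workaround
# from Microsoft Security Advisory 2286198. Run from an elevated PowerShell
# session on a 2010-era Windows client or server. Function names and the
# backup location are assumptions of this example, not part of the advisory.
#Requires -RunAsAdministrator

# Both shortcut file classes delegate icon rendering to the Shell Link handler.
$IconHandlerKeys = @(
    'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler',
    'Registry::HKEY_CLASSES_ROOT\piffile\shellex\IconHandler'
)
# CLSID_ShellLink: the (Default) value each key carries when the handler is active.
$ShellLinkClsid = '{00021500-0000-0000-C000-000000000046}'
# Where the pre-change .reg exports are kept so the change can be undone.
$BackupDir = Join-Path $env:ProgramData 'lnk-workaround-backup'

function Test-LnkIconHandlerDisabled {
    # $true only when neither class still points at the Shell Link handler.
    foreach ($key in $IconHandlerKeys) {
        if (-not (Test-Path $key)) { continue }
        $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($val -eq $ShellLinkClsid) { return $false }
    }
    return $true
}

function Disable-LnkIconHandler {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($key in $IconHandlerKeys) {
        $hive = $key -replace '^Registry::', ''
        $file = Join-Path $BackupDir (($hive -split '\\')[1] + '.reg')
        # Export before touching anything; this is the backup step the advisory
        # asks for and the only thing Enable-LnkIconHandler needs to undo the change.
        reg.exe export $hive $file /y | Out-Null
        if (Test-Path $key) {
            # Clearing (Default) stops Explorer from loading the handler, which is
            # why every shortcut icon turns into the plain white placeholder.
            Set-ItemProperty -Path $key -Name '(default)' -Value ''
        }
    }
    # Second workaround: WebClient (WebDAV) lets a malicious .lnk on a remote
    # share be rendered, and therefore triggered, without the user opening it.
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
    Write-Host 'Workaround applied; log off and back on (or reboot) so Explorer picks it up.'
}

function Enable-LnkIconHandler {
    # Undo: re-import the exported keys and return WebClient to Manual, the
    # client-OS default. Do this once the real patch is installed.
    Get-ChildItem -Path $BackupDir -Filter '*.reg' | ForEach-Object {
        reg.exe import $_.FullName | Out-Null
    }
    Set-Service -Name WebClient -StartupType Manual
}

# Typical use on one machine:
if (-not (Test-LnkIconHandlerDisabled)) { Disable-LnkIconHandler }
Test-LnkIconHandlerDisabled   # should now report True
```

Two caveats a practitioner would want. First, the white-icon effect is the intended sign that the handler is off, so `Test-LnkIconHandlerDisabled` is the thing to feed into an inventory check rather than eyeballing desktops. Second, this is a stopgap only: Microsoft shipped the permanent fix for this flaw as MS10-046 on 2 August 2010, and once that update is installed the workaround should be reverted with `Enable-LnkIconHandler` so shortcut icons and WebDAV come back.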

There are currently no signs that this vulnerability is being used in anything but targeted attacks against some very important targets. That said, the situation could change rapidly soon. For one thing, a proof-of-concept exploit is now publicly available and embedded into open-source attack tools. And while initial reports suggested the primary means of exploiting this flaw required someone to introduce a strange USB device into their system, experts have since shown that the exploit can also be used to spread and launch malicious programs over network shares.

The SANS Internet Storm Center on Monday made the relatively rare decision to change its threat warning level to yellow over this vulnerability, warning that “wide-scale exploitation is only a matter of time.”

“The proof-of-concept exploit is publicly available, and the issue is not easy to fix until Microsoft issues a patch,” SANS incident handler Lenny Zeltser wrote. “Furthermore, anti-virus tools’ ability to detect generic versions of the exploit have not been very effective so far.”

Both of these potential exploit paths probably make this vulnerability far more dangerous for corporate and business users than for home users. That said, having ugly Start Menu and Taskbar icons for a few weeks until Microsoft issues a real fix for this flaw may be a small price to pay for peace of mind. Also, the FixIt changes can be undone simply by visiting this link and clicking the FixIt icon under the “Disable This Workaround” heading.

Further reading:

Siemens: German Customer Hit by Industrial Worm

Mitigating Link Exploitation with Ariad

ICS-CERT: USB Malware Targeting Siemens Control Software (PDF)


TOPICS: Computers/Internet
KEYWORDS: lowqualitycrap; microsofttax

1 posted on 07/21/2010 5:39:04 AM PDT by Gomez

To: ShadowAce

ping


2 posted on 07/21/2010 5:40:42 AM PDT by Gomez (killer of threads)

To: Gomez; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

3 posted on 07/21/2010 5:55:07 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Gomez

All ms products are and will be security risks due to poor engineering practices.

Get a Mac, they just work well. Too bad apple is run by a bunch of commie libs, but most scientists are.


4 posted on 07/21/2010 6:04:04 AM PDT by SecondAmendment (Restoring our Republic one Post at a Time)

To: SecondAmendment; PugetSoundSoldier; driftdiver

Macs have issues as well. But when you are only 5% of the market no one is targeting them unless there is a prize to be one. In which case then they are the first to be hacked.


5 posted on 07/21/2010 6:12:10 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton

one=won.


6 posted on 07/21/2010 6:16:04 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: SecondAmendment

I don’t mind Apple writing my phone software, but I couldn’t imagine actually using a computer with that stuff on it.

PC software bends over backwards to give me what I want. Apple software is the opposite... in my experience anyway.

After 21 years of using a PC, I got bit by a virus one time... and that was an ANSI Bomb back in 1992.


7 posted on 07/21/2010 6:21:49 AM PDT by RingerSIX

To: 21stCenturion

...


8 posted on 07/21/2010 6:28:28 AM PDT by 21stCenturion ("It's the Judges, Stupid !")

To: Gomez

Our company is watching this exploit very carefully. Our IT security have been going batshit crazy for the last couple weeks. Some of our DMZ servers have this “fix” applied. Seems dumb to me.


9 posted on 07/21/2010 6:29:11 AM PDT by rarestia (It's time to water the Tree of Liberty.)

To: SecondAmendment

Aside from an iPhone, Apple gets no money from me. Their computers are not better. (I have had Mac desktops and laptops at work for 14 years.) They’re just different. At home, I have a dual-boot: XP/Linux.


10 posted on 07/21/2010 6:33:45 AM PDT by Clara Lou (Barack Obama: saboteur)

To: SecondAmendment

“All ms products are and will be security risks due to poor engineering practices.”

LOL yea right

“Get a Mac, they just work well.”

Unless you hold it wrong.


11 posted on 07/21/2010 6:41:58 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: for-q-clinton

About 100,000 new pieces of malware are released every two days, focused on Windows.

Much of it is state sponsored.


12 posted on 07/21/2010 6:44:03 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: driftdiver

And there are some very, very nasty things coming out of E. Europe. Russia. And China as well. Easier to prevent them from getting into your system than trying to remove them afterwards.
Recently ran DRIVE SCRUBBER in an effort to remove a lot of bad stuff from a friend's PC. Ran it twice and finally cleaned the crap out of it. PC had literally been shut down by it. Was amusing to watch the cursor go in opposite directions as the user intended ...


13 posted on 07/21/2010 6:58:58 AM PDT by donozark (It's hard to afford a psychiatrist when you work at a gas station...)

To: for-q-clinton; SecondAmendment

Why do you keep repeating statements that have been solidly refuted? The first to be hacked thing is a bit disingenuous too.


14 posted on 07/21/2010 7:02:00 AM PDT by antiRepublicrat

To: Gomez

bump


15 posted on 07/21/2010 7:59:45 AM PDT by tutstar

To: antiRepublicrat
>
> Why do you keep repeating statements that have been
> solidly refuted? The first to be hacked thing is a bit
> disingenuous too.
>

Because they have NOT been solidly refuted (disclaimer I am a Professional Computer Scientist with a CompSci degree ).

An operating system should be like the old Volvos, gradually developed and constantly improved over time.

And the Mac's OS X is a certified UNIX operating system, sharing the same lineage as Oracle (Sun) Solaris and Open/Free BSD. In short it builds on over 30 years of solid experience with many users and deployed on many different types of machines (this is why it was easy for the Mac to jump from PowerPC to Intel).

All MS products are developed in a closed bubble, with Windows 7 only being able to trace its code base back to Windows NT (early 90s).

While its true that no Operating System should be blindly trusted to be secure, it is exceptionally easy for Windows systems to be hijacked, due to the poor design, lack of outside review, and general culture and attitude of Microsoft.

While you will hear about vulnerabilities of Mac OS X from time to time, they rarely if ever go beyond compromising a single user's account. MS will constantly blame 3rd party software (i.e. Adobe) for these kinds of problems, but this just underscores MS incompetence, since it's the job of an Operating System to guarantee that bad programs don't allow bad things to happen.

Even when an MS system is bogged down with 3rd party anti-virus software, Intel hardware hacks ( NX bit ), and hardware and software firewalls in place, they still get compromised on a regular basis.

Any unbiased observer would have to admit that a company like MS with the vast amount of resources available to it, would have greatly minimized this problem if it really wanted to, especially since there have been many other systems which have solved this problem decades before.

16 posted on 07/21/2010 8:01:50 AM PDT by SecondAmendment (Restoring our Republic one Post at a Time)

To: SecondAmendment; for-q-clinton
Because they have NOT been solidly refuted

By showing the architectural reasons for a relative lack of exploits in the wild, you are helping in the refutation. They think the only reason effective viruses aren't in the wild for OS X is because of low marketshare, making it not interesting to the malware writers. They forget that while OS X has 50+ million users, people wrote highly successful malware for pre-OS X MacOS, and for other product populations with numbers well under a million.

As far as "first to be hacked," the reference is to hacks that took weeks to develop in advance, which were then released in the second round of a hacking contest to win (Safari was the culprit all three times). Windows machines were hacked on-premises. All it showed was that Macs are more desirable than PCs.

17 posted on 07/21/2010 9:01:29 AM PDT by antiRepublicrat

To: antiRepublicrat
As far as "first to be hacked," the reference is to hacks that took weeks to develop in advance, which were then released in the second round of a hacking contest to win (Safari was the culprit all three times).

And that makes OSX Secure how?

18 posted on 07/21/2010 9:43:29 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
And that makes OSX Secure how?

It easily refutes the insinuation you made with the "first to be hacked" comment. OS X was in fact not easier to hack, but harder since the OS X hack took weeks of advance work to pull off.

19 posted on 07/21/2010 10:01:56 AM PDT by antiRepublicrat

To: antiRepublicrat; driftdiver; PugetSoundSoldier
It easily refutes the insinuation you made with the "first to be hacked" comment. OS X was in fact not easier to hack, but harder since the OS X hack took weeks of advance work to pull off.

I was wondering how the Mac OSX is more secure crowd was going to respond to being the first hacked several times in a row. But what you are ignoring is that these exploits have been known for a long time and yet Apple has not fixed them. The fact that they hacked them in advance AND apple knew they were doesn't speak very well of their ability to patch products.

Before these contests the macbot mantra was it's unbreakable. Then after seeing they were the first hacked it's now "but it took a lot of planning to make Mac the first to be hacked."

Ok...whatever helps you sleep at night I guess. But it's obvious to anyone that is concerned about security over a company doing well--it's not secure.

20 posted on 07/21/2010 10:08:10 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)




