My Community
August 30, 2014, 07:12:13 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ViGlance Summer Edition 2!
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Windows critically flawed, serious security risks uncovered!  (Read 1514 times)
Rainoffire
Official BETA Tester
Hero Member
*****
Posts: 1058


Tech Support (English & 日本語) & Graphics Editor


View Profile WWW
« on: July 20, 2010, 05:26:20 AM »

Taken from Examiner.com

Source: LINK


Microsoft's Windows operating systems have recently been found to have a major security hole, a flaw so critical that it bypasses all Windows 7 security mechanisms.  Chester Wisniewski of security company Sophos explains that:

"Lots of research has gone into it and most of the results are not good news for Windows users. It is important to think about this attack as two separate pieces, one that is a new zero-day vulnerability that could easily be adopted by any malware author, the other a unique payload that appears to be designed to go after some very specific infrastructure targets.

For corporate users (unless you run a power plant, water system or other SCADA system) the important part is the zero-day flaw. Warning: I am about to go a bit geeky.

The flaw is in how shell32.dll tries to load control panel icons from applets. By making a specially crafted shortcut pointing to a malicious file, you can make Windows Explorer blindly execute the malicious file when the location of the shortcut is merely browsed to. In this case the malicious file is a rootkit and a dropper that immediately hide the special shortcut (.lnk) files. Allowing executable code to load in the process of trying to retrieve an icon seems like a major oversight in the design of Windows."

Microsoft plans to update Windows 7 with a fix in the coming weeks.  The big issue here, however, is that Windows XP and Windows 2000 have, as of last Tuesday, been removed from the list of supported products and will therefore continue to be at risk -- Microsoft has no immediate plans to update these older versions of Windows.

Particularly disturbing is Wisniewski's comment:  "Having had the opportunity to play with it and see the simplicity with which it can be used, I suspect it will be too juicy a target to ignore."  Great.


Source: LINK
Logged

link6155
Full Member
***
Posts: 195


Metro UI Designer

kirby6154@hotmail.com
View Profile WWW
« Reply #1 on: July 20, 2010, 09:51:52 AM »

 Shocked
Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!