My Community
November 29, 2015, 05:47:19 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: ViGlance Summer Edition 2!
   Home   Help Search Login Register  
Pages: [1]
Author Topic: Windows critically flawed, serious security risks uncovered!  (Read 2834 times)
Official BETA Tester
Hero Member
Posts: 1058

Tech Support (English & 日本語) & Graphics Editor

View Profile WWW
« on: July 20, 2010, 05:26:20 AM »

Taken from

Source: LINK

Microsoft's Windows operating systems have recently been found to have a major security hole, a flaw so critical that it bypasses all Windows 7 security mechanisms.  Chester Wisniewski of security company Sophos explains that:

"Lots of research has gone into it and most of the results are not good news for Windows users. It is important to think about this attack as two separate pieces, one that is a new zero-day vulnerability that could easily be adopted by any malware author, the other a unique payload that appears to be designed to go after some very specific infrastructure targets.

For corporate users (unless you run a power plant, water system or other SCADA system) the important part is the zero-day flaw. Warning: I am about to go a bit geeky.

The flaw is in how shell32.dll tries to load control panel icons from applets. By making a specially crafted shortcut pointing to a malicious file, you can make Windows Explorer blindly execute the malicious file when the location of the shortcut is merely browsed to. In this case the malicious file is a rootkit and a dropper that immediately hide the special shortcut (.lnk) files. Allowing executable code to load in the process of trying to retrieve an icon seems like a major oversight in the design of Windows."

Microsoft plans to update Windows 7 with a fix in the coming weeks.  The big issue here, however, is that Windows XP and Windows 2000 have, as of last Tuesday, been removed from the list of supported products and will therefore continue to be at risk -- Microsoft has no immediate plans to update these older versions of Windows.

Particularly disturbing is Wisniewski's comment:  "Having had the opportunity to play with it and see the simplicity with which it can be used, I suspect it will be too juicy a target to ignore."  Great.

Source: LINK

Full Member
Posts: 194

Metro UI Designer
View Profile WWW
« Reply #1 on: July 20, 2010, 09:51:52 AM »


Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!