Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. NOT FOR REPORTING ISSUES WITH PPRuNe FORUMS! Please use the subforum "PPRuNe Problems or Queries."

Talking of Vulnerability.

Old 22nd Jul 2010, 22:39
  #1 (permalink)  
Psychophysiological entity
Thread Starter
 
Join Date: Jun 2001
Location: Tweet Rob_Benham Famous author. Well, slightly famous.
Age: 82
Posts: 3,131
Talking of Vulnerability.

This has done the rounds on some Uni tech departments. I'm not sure if it affects the general public.


Re: Vulnerability in Windows Operating System (RISK: High)



Greetings,

Microsoft has announced that it has discovered a serious vulnerability in the Microsoft Windows Operating System that could allow an attacker to gain the same user privileges as the logged on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could also embed an exploit in a document that supports embedded shortcuts or hosted browser controls, such as, Microsoft Office documents, e-mail attachments, or web sites

A list of systems affected:

· Windows XP

· Windows Vista

· Windows 7

· Windows Server 2003

· Windows Server 2008

There is currently no patch available from Microsoft for this vulnerability; however, UTXX Computer Support Services will be releasing a temporary fix that will be pushed to all managed UTXX campus machines that will disable the displaying of icons for shortcuts. This is a temporary solution until Microsoft releases a patch for the vulnerability. The update will be released tonight to managed campus machines. Please note that your shortcut icons may not display properly.
Loose rivets is offline  
Old 23rd Jul 2010, 07:38
  #2 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
In fact Ms released a stopgap patch on Tuesday Microsoft issues stopgap fix for critical Windows flaw ? The Register but it is reckoned they will be hard-pressed to get the update out by 'Patch Tuesday'

BOAC is offline  
Old 23rd Jul 2010, 10:09
  #3 (permalink)  
 
Join Date: Aug 2007
Posts: 647
Hello Rivits and BOAC

This is a bad one, It leaverages those files that constitute the short cut icons on the desk top. Yep we've all got them - apparently the bad guys have been attempting to utilise this weakness in the win code to gain control of PC's.

So much for Mr Ballmer's claims about the security intregity improvements incorporated in the Windows operating system.

I think is better to llog in as a limited user untill a fix is available.

CAT III
Guest 112233 is offline  
Old 23rd Jul 2010, 10:38
  #4 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
err... fix IS available?
BOAC is offline  
Old 23rd Jul 2010, 11:04
  #5 (permalink)  
 
Join Date: Aug 2007
Posts: 647
Hello again BOAC

Yes I totally Agree. Use another Operating System. The fix looks a bit complex for a ordinary user. Get it wrong and ........... . Let's see if an out of sequence auto fix comes from Microsoft before the next Patch Tues.

Update from article in the link above - The new fis ia an auomatic one, but the functionality of the icons is partly lost. - I stand corrected.

Complex issues arrise for people who really do need to see differentiated icons - visually impared users for example.

CAT III

(Linux user)
Guest 112233 is offline  
Old 23rd Jul 2010, 11:43
  #6 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 80
Posts: 3,512
If your using W7 you don't really need icons on the desktop, my most used ones are in the taskbar. I dont have any programs on the desktop at all.
green granite is offline  
Old 23rd Jul 2010, 11:50
  #7 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,664
Suggest people also take a look at the official Microsoft line on the matter, here :

Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution


Specifically the "mitigating factors" section.

I suspect this will be yet another wake-up call for all those lazy users who insist on running with Administrator rights whilst browsing the web, plugging in USB keys etc.
mixture is offline  
Old 23rd Jul 2010, 11:56
  #8 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
gg - I get the impression it doesn't matter WHERE the 'icons' are - desktop, system tray, sandwich box etc etc from my link
"Specifically, the change will cause folder and file icons on the task bar and start menu to be stripped of their graphical representations, making them appear as generic, white boxes. The Fix It will also require machines to be rebooted."
BOAC is offline  
Old 23rd Jul 2010, 14:16
  #9 (permalink)  
Psychophysiological entity
Thread Starter
 
Join Date: Jun 2001
Location: Tweet Rob_Benham Famous author. Well, slightly famous.
Age: 82
Posts: 3,131
That's got my attention. Got one white box instead of the FF button on my Taskbar. W7

This followed the thread I started a couple of days ago about a ribbon dedicated to the rotating dots and a message telling me that it was loading something.

Maybe unrelated, but...

http://www.pprune.org/computer-inter...uninvited.html
Loose rivets is offline  
Old 23rd Jul 2010, 14:43
  #10 (permalink)  
 
Join Date: Nov 2004
Location: Perth - Western Australia
Age: 73
Posts: 1,806
What's wrong with using a good malware program to prevent this, or at least notify you that someone/something is trying to access your files? I use Online Armor, it seems to be pretty good at keeping the nasties at bay.
Anytime anything executable is attempted, it blocks it, and you get a full warning about what is happening, and whether you want to allow it to proceed.
onetrack is offline  
Old 26th Jul 2010, 06:54
  #11 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
With acknowledgements to 'The Register', 26/7/2010

Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines. Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.

The Chymine-A Trojan uses the same security hole to install a keystroke logger while the Autorun-VB-RP worm has been updated to use the shortcut vulnerability as an infection method. The original hackers developed a technique to embed malicious code in shortcut files in such a way that this code is run when an icon is viewed, an approach now followed by less skilled VXers.
BOAC is offline  
Old 2nd Aug 2010, 06:54
  #12 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Emergency Patch Bulletin expected 1000 California time today
BOAC is offline  
Old 2nd Aug 2010, 06:58
  #13 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Firefox 'Update' scam

The new ruse features a fake Firefox "Just Updated" page of the type that is displayed just after users update their browser software, a regular occurrence of late. The page claims that users need to get a Flash update, and produces a download dialogue box with a scareware payload. The attack kicks in once surfers visit a maliciously constructed website and is not associated with genuine Firefox updates from Mozilla, which simply serve as a theme for the attack.
BOAC is offline  
Old 2nd Aug 2010, 23:45
  #14 (permalink)  
 
Join Date: May 2009
Location: Down Under somewhere not all that far from YPAD
Age: 77
Posts: 513
Emergency Patch Bulletin expected 1000 California time today
A new single Microsoft security update with the now quite familiar description was available when my computers were woken this morning. The link in the update box confirms this is indeed a critical update, and that it addresses the issues raised in this thread.

FOR
FullOppositeRudder is offline  
Old 4th Aug 2010, 07:09
  #15 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Adobe/IPhone this time

New patch expected shortly from Adobe for 'Reader' for new 'vulnerability and there is apparently a way into jailbreaking the IPhone through the flaw.
BOAC is offline  
Old 6th Aug 2010, 07:34
  #16 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
Adobe patch due week commencing 16 August and stand by for an 'enjoyable' few hours trying to install a 'record' raft of 14 M$ patches, 8 'critical', next Tuesday patching ! 34 ! vulnerabilities.

I wonder how many of those will trip up at install?
BOAC is offline  
Old 6th Aug 2010, 08:28
  #17 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 80
Posts: 3,512
don't have it on my PC luckily, so no problems.
green granite is offline  
Old 9th Aug 2010, 07:45
  #18 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
IT gets worse

From the Register today

Unpatched kernel-level vuln affects all Windows versions

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.
The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges.


The bug resides in the “CreateDIBPalette()” function of a device driver known as “Win32k.sys.” It is exploited by pasting a large number of color values into an improperly allocated buffer, potentially allowing attackers to sneak in malicious payloads, vulnerability tracking service Secunia warned.

It affects fully patched installations of every supported Windows platform, from Windows XP SP 3 to Windows Vista, 7, and Server 2008. The latter three versions contain several defenses designed to lessen the effect of security vulnerabilities. It wouldn't be surprising if code execution attacks were possible only on earlier versions that don't have the defenses, which include DEP, or data execution prevention, and ASLR, short for address space layout randomization.
There are no reports of the vulnerability being exploited in the wild. Microsoft said it is investigating the reports but didn't have additional information. Microsoft is scheduled to issue a record 14 security bulletins during next week's Patch Tuesday.
BOAC is offline  
Old 10th Aug 2010, 08:04
  #19 (permalink)  
 
Join Date: May 2009
Location: Down Under somewhere not all that far from YPAD
Age: 77
Posts: 513
Microsoft is scheduled to issue a record 14 security bulletins during next week's Patch Tuesday.
Fourteen you say .........

I can hardly contain my sense of eager anticipation

(sigh)

FoR
FullOppositeRudder is offline  
Old 10th Aug 2010, 19:17
  #20 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,579
I can hardly contain my sense of eager anticipation
- I hope you did 'cos 15 turned up

M$ obviously DETERMINED to set a record for M$ updates that cannot be beaten................................err..........I'll just read that again
BOAC is offline  

Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright © 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.