Windows and file sharing vulnerability
Last week Apple fixed an iTunes vulnerability involving the loading of "safe" file types from remote network locations. A company called Acros Security says this vulnerability works when a remote attacker plants a malicious DLL with a specific name on a network share and gets the user to open a media file from this network, e.g. using iTunes, requiring minimal effort by the attacker.
Microsoft Windows and about 40 applications that run on it are vulnerable to this form of attack and M$ are 'investigating'. As always, Facebook/Twitter etc users beware?
BOAC,
Much as your vulnerability warning efforts are admirable, I would think you're putting yourself in a risky situation where people might start relying on you to issue the advisories? Given the number of combinations of different software and different vulnerabilities you're going to have to start doing a lot more posting than you are at the moment to keep up with them all. Personally I would think the mods would do better to put a sticky at the top of the C&I forum giving links to well known sites that actively maintain lists of current security vulnerabilities (or "security advisories" as the software developers prefer to call them) ... as well as a set of FAQs which seem to come up time and time again here on C&I.
A good idea and you should PM the mod?
"people might start relying on you to issue the advisories" - Better forewarned than forlorn?
BOAC:
Many of these "vulnerabilities" are, IMHO, over-exaggerated in that the majority of users would never suffer from these security lapses. As long as one is careful/cautious/paranoid about what one does on the Interweb then the chances of suffering from one of these security issues are somewhat mitigated.
RG - agreed, but how many Facebook/Twitter/iTunes/whatever users fit that spec? :)
Correct BOAC. I've seen people do some very troubling things on sites like Facebook or Twitter. (Both of which I will never have an account on. NEVER.)
iTunes, on the other hand, is virtually problem-free.
I'll write this very small, but it now looks as if at least 200 Windows applications are affected. There is a temporary fix if anyone is interested.
Microsoft information on 'the issue' and fixes:
Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution
Microsoft Security Advisory 2269637 Released - The Microsoft Security Response Center (MSRC) - Site Home - TechNet Blogs
and the 'fix':
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
Over to the gurus now to decide if this is REALLY a problem or should we ignore it.
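An added example, not part of the thread or of Microsoft's material: a small audit helper that reads the CWDIllegalInDllSearch entry named above and reports whether a DLL can still be loaded from a local, UNC or WebDAV working directory. The registry paths and value meanings are assumptions taken from Microsoft's description of the entry rather than from this thread, and the function names are hypothetical.

```python
"""Audit helper for the CWDIllegalInDllSearch entry (added example)."""
import sys

# Assumption: key paths and value meanings follow Microsoft's description of the
# entry; the thread itself only gives the entry name.
SYSTEM_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PER_APP_KEY = (r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options")
VALUE_NAME = "CWDIllegalInDllSearch"
CWD_KINDS = ("local", "unc", "webdav")


def cwd_load_allowed(setting, cwd_kind):
    """True if a DLL may still load from a current working directory of this kind."""
    if cwd_kind not in CWD_KINDS:
        raise ValueError(f"unknown cwd kind: {cwd_kind!r}")
    if setting in (None, 0):          # entry absent or 0: default search path
        return True
    if setting == 0xFFFFFFFF:         # CWD removed from the search order entirely
        return False
    if setting == 1:                  # blocked only when CWD is a WebDAV folder
        return cwd_kind != "webdav"
    if setting == 2:                  # blocked when CWD is remote (WebDAV or UNC)
        return cwd_kind == "local"
    raise ValueError(f"undocumented value: {setting:#x}")


def report(system, per_app=None):
    """Exposure per CWD kind; a per-application value overrides the system one."""
    effective = per_app if per_app is not None else system
    return {kind: cwd_load_allowed(effective, kind) for kind in CWD_KINDS}


def read_dword(subkey):
    """Read the entry from HKLM; None if the key or value is missing (Windows only)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            return winreg.QueryValueEx(key, VALUE_NAME)[0] & 0xFFFFFFFF
    except FileNotFoundError:
        return None


if __name__ == "__main__" and sys.platform == "win32":
    # Optional argument: an executable name to check for a per-application override.
    app = sys.argv[1] if len(sys.argv) > 1 else None
    per_app = read_dword(PER_APP_KEY + "\\" + app) if app else None
    for kind, allowed in report(read_dword(SYSTEM_KEY), per_app).items():
        print(f"{kind:7} CWD: DLL load {'ALLOWED' if allowed else 'blocked'}")
```

Run on a Windows host, it prints one line per working-directory kind; the decision functions can also be imported on any platform to evaluate values collected elsewhere.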
First 3 apps named:
uTorrent BitTorrent client, PowerPoint, Firefox