Author Topic: Microsoft Security Advisory (2286198)


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11540
  • "Stronger than the past, united in our goal."
    • Security Garden
Microsoft Security Advisory (2286198)
« on: July 17, 2010, 12:33:45 AM »
Microsoft has released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. From the Security Advisory:

Quote
    "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives."

If AutoPlay is disabled, particularly for USB devices, in order for the vulnerability to be exploited, it would be necessary to manually browse to the root folder of the removable disk. AutoPlay for removable disks is automatically disabled on Windows 7. In the event you have enabled AutoPlay, it is strongly advised that it be disabled.

To disable AutoPlay the prerequisites in Microsoft KB Article 967715 must first be installed. If your computer is up-to-date, they are already installed. The KB Article also includes instructions on "How to disable the Autorun functionality in Windows".

Note that it is additionally reported on the MSRC Blog that, "In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware". For more information on Stuxnet, see the MMPC blog post. Of further interest, as the MSRC Blog reports

Quote
    "signatures in up-to-date versions of Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform protect customers against the Stuxnet malware."

References:

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
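Added example, not part of Corrine's post and not Microsoft's own KB 967715 text: the registry change that KB article documents for disabling the Autorun functionality, written as a PowerShell script that sets the policy value and then verifies which drive types are still allowed to Autorun. Assumptions: an elevated PowerShell prompt on Windows XP SP3, Vista or 7 with the KB 967715 prerequisite updates already installed (as the post notes, an up-to-date machine has them), and the NoDriveTypeAutoRun bit meanings as documented in that KB.

```powershell
# Added example (not from the thread or from KB 967715 itself): disable Autorun for
# every drive type by writing the NoDriveTypeAutoRun policy value, then report any
# drive type whose bit is still clear. Assumes an elevated session and that the
# KB 967715 prerequisites are installed so Windows honours the value.

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$DisableAll = 0xFF   # every bit set: Autorun disabled for all drive types

# One bit per drive type in the mask (0x01 and 0x80 both denote "unknown" types).
$DriveTypeBits = @{
    0x01 = 'Unknown'
    0x04 = 'Removable (USB, floppy)'
    0x08 = 'Fixed'
    0x10 = 'Network'
    0x20 = 'CD-ROM / DVD'
    0x40 = 'RAM disk'
    0x80 = 'Unknown'
}

function Get-AutorunMask {
    # Returns the current mask, or $null if the policy value has never been set.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Disable-Autorun {
    # Create the policy key if it is missing and write 0xFF as a REG_DWORD
    # (-Force overwrites whatever value was there before).
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -Value $DisableAll `
        -PropertyType DWord -Force | Out-Null
    # Explorer reads the value at logon: log off and on again (or restart) for it to apply.
}

function Get-AutorunAllowedDriveTypes {
    # Verification step: list the drive types whose bit is clear, i.e. still able to Autorun.
    # Returns $null when the policy value is absent (Windows' built-in default then applies).
    $mask = Get-AutorunMask
    if ($null -eq $mask) { return $null }
    $DriveTypeBits.Keys | Sort-Object | Where-Object { ($mask -band $_) -eq 0 } |
        ForEach-Object { $DriveTypeBits[$_] }
}

Disable-Autorun
$still = Get-AutorunAllowedDriveTypes
if ($null -eq $still) {
    Write-Host 'NoDriveTypeAutoRun is not set; the Windows built-in default applies.'
} elseif (@($still).Count -eq 0) {
    Write-Host ('NoDriveTypeAutoRun = 0x{0:X2}: Autorun disabled for every drive type.' -f (Get-AutorunMask))
} else {
    Write-Host ("Autorun still allowed for: " + (@($still) -join ', '))
}
```

The verification function is the part worth keeping around: after any policy or group-policy change, running it shows at a glance whether removable drives (the vector the advisory singles out) are still permitted to Autorun.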

Corrine
Re: Microsoft Security Advisory (2286198)
« Reply #1 on: July 21, 2010, 01:08:22 AM »
Microsoft updated Microsoft Security Advisory 2286198 to provide an automated "Fix It" solution to implement the workaround provided in the original Security Advisory release.

The Fix it disables .LNK and .PIF file functionality automatically on a computer that is running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.

Complete details about the Fix it solution to both enable the workaround and disable it after a security update has been released are available in Microsoft KB 2286198.

NOTE: Applying the Fix it will require a restart of the machine.

After a security update is released for this vulnerability, you can undo the changes made by the Fix it solution by using Microsoft Fix it 50487.


References:

    * KB 2286198: Vulnerability in Windows Shell could allow remote code execution
    * MSRC Blog: Security Advisory 2286198 Updated

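Added example, not part of this post and not the Microsoft Fix it itself: the manual form of the workaround the Fix it automates, with a backup so it can be undone once the security update is installed. Assumptions: the advisory's workaround ("disable the displaying of icons for shortcuts") clears the (Default) value of the IconHandler shell-extension key under HKEY_CLASSES_ROOT\lnkfile and HKEY_CLASSES_ROOT\piffile, whose stock value on the listed Windows versions is the CLSID shown below; the out-of-band update that closes the hole is identified by the same number as the KB article, KB2286198; the backup file location is arbitrary. Run from an elevated PowerShell prompt; as the post notes, a restart is required for the change to take effect.

```powershell
# Added example (not Microsoft's Fix it and not code from this thread): apply and undo
# the "disable shortcut icons" workaround for Advisory 2286198 by hand.
# Assumptions: the workaround is implemented by blanking the (Default) value of the
# IconHandler key for .LNK and .PIF files; the stock CLSID is the one below; the
# security update shows up in Get-HotFix as KB2286198. Elevated session required.

$StockIconHandler = '{00021401-0000-0000-C000-000000000046}'
$HandlerKeys = @(
    'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler',
    'Registry::HKEY_CLASSES_ROOT\piffile\shellex\IconHandler'
)
# Assumed backup location; any writable path works.
$BackupFile = Join-Path $env:TEMP 'iconhandler-backup.csv'

function Get-IconHandler {
    param([string]$Key)
    # The registry provider exposes a key's (Default) value as the '(default)' property.
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Disable-ShortcutIcons {
    # Record each key's current handler, then blank it so the shell no longer loads
    # the icon handler for .LNK/.PIF files (shortcuts will show a generic icon).
    $rows = foreach ($k in $HandlerKeys) {
        New-Object PSObject -Property @{ Key = $k; Value = (Get-IconHandler $k) }
    }
    $rows | Export-Csv -Path $BackupFile -NoTypeInformation
    foreach ($k in $HandlerKeys) {
        if (Test-Path $k) { Set-ItemProperty -Path $k -Name '(default)' -Value '' }
    }
    Write-Host "Icon handlers cleared (backup in $BackupFile). Restart the computer to finish."
}

function Restore-ShortcutIcons {
    # Undo: put back the saved values, falling back to the stock CLSID if no backup exists.
    $saved = @{}
    if (Test-Path $BackupFile) {
        Import-Csv -Path $BackupFile | ForEach-Object { $saved[$_.Key] = $_.Value }
    }
    foreach ($k in $HandlerKeys) {
        $v = $saved[$k]
        if (-not $v) { $v = $StockIconHandler }
        if (Test-Path $k) { Set-ItemProperty -Path $k -Name '(default)' -Value $v }
    }
    Write-Host 'Icon handlers restored. Restart the computer to finish.'
}

function Test-LnkUpdateInstalled {
    # Assumption: the out-of-band update is listed under the advisory's number.
    return [bool](Get-HotFix -Id 'KB2286198' -ErrorAction SilentlyContinue)
}

# Typical use: apply the workaround now; once Test-LnkUpdateInstalled returns $true,
# run Restore-ShortcutIcons so shortcuts get their icons back.
if (Test-LnkUpdateInstalled) {
    Write-Host 'KB2286198 is installed; the workaround is no longer needed.'
} else {
    Disable-ShortcutIcons
}
```

The backup step is the point of doing this by hand rather than with reg.exe one-liners: environments that customise the icon handler would otherwise lose that customisation on undo, and the stock CLSID fallback covers machines where the backup file has been cleaned up before the update arrived.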

Offline Eric the Red

  • ISO/IEC 27001:2005
  • Administrator
  • Hero Member
  • *****
  • Posts: 1611
  • Would somebody please pass me a beer!
Re: Microsoft Security Advisory (2286198)
« Reply #2 on: July 27, 2010, 09:55:34 PM »
Sophos have released a free tool to mitigate the effects of this zero-day exploit (I would hate to say it is a total cure).

Details of the tool may be found at this Sophos web page, which includes a link to the download.
"The time to start running is around about the "e" in "Hey, you!" "
Proud member Since 2004 

The information I provide is provided "AS IS" without warranty, and confers no rights.

Corrine
Re: Microsoft Security Advisory (2286198)
« Reply #3 on: August 01, 2010, 02:11:47 AM »
On Monday, August 2, Microsoft will release an Out of Band update addressing the vulnerability in Security Advisory 2286198.  As indicated by Christopher Budd in the MSRC Blog:
Quote
    "We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we're able to confirm that, in the past few days, we've seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."

Details about the threat are available in the MMPC Blog.

MMPC Blog: Stuxnet, malicious .LNKs, ...and then there was Sality
MSRC Blog:  Out of Band Release to address Microsoft Security Advisory 2286198
TechNet:  Microsoft Security Bulletin Advance Notification for August 2010
