Critical vulnerability in 40 Windows applications
It turns out that the bug in Apple iTunes under Windows , closed in version 9.1, turned out to be much more serious than expected. According to H.D. Moore (author of the well-known Metasploit program), it is not exclusive to iTunes, but is present in about 40 other Windows programs, including the Windows shell, and Microsoft cannot close it with a single patch. For each application will have to release a separate update.
Application names are not reported, so as not to give a mechanism to create an exploit. However, H. Moore noticed that this bug is similar to the recently discovered by Belarusians vulnerability with Windows shortcuts , which was closed by an extraordinary Microsoft patch of August 2. HH Moore discovered a new vulnerability just when he was studying a bug with labels. Here, an attacker can load the victim .dll onto the victim’s machine after the user opens the “safe” file from the network drive. The attack is possible through a browser or other program, for example, office applications with embedded content.
The security recommendations are the same as last time: blocking outbound SMB (TCP ports 139 and 445) and disabling the WebDAV client.
Application names are not reported, so as not to give a mechanism to create an exploit. However, H. Moore noticed that this bug is similar to the recently discovered by Belarusians vulnerability with Windows shortcuts , which was closed by an extraordinary Microsoft patch of August 2. HH Moore discovered a new vulnerability just when he was studying a bug with labels. Here, an attacker can load the victim .dll onto the victim’s machine after the user opens the “safe” file from the network drive. The attack is possible through a browser or other program, for example, office applications with embedded content.
The security recommendations are the same as last time: blocking outbound SMB (TCP ports 139 and 445) and disabling the WebDAV client.
')
Source: https://habr.com/ru/post/102271/
All Articles