Don’t Take Shortcuts With Security
Rik Ferguson, 20/07/2010, posted in "Analysis"
As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions and law enforcement organizations. Recognized as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over fifteen years' experience in the IT industry with companies such as EDS, McAfee and Xerox, Rik's broad experience gives him a clear insight into the challenges and issues facing businesses today.
On the 16th of July Microsoft released Security Advisory 2286198, confirming an as yet unpatched vulnerability in Windows Shell that exposes all users of all current versions of Microsoft Windows to a very real risk of attack and infection.
According to Microsoft “The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.” So what does that mean in plain language?
It means that if any user of Microsoft Windows opens a folder containing a shortcut which has been designed to exploit this vulnerability, they will be infected. No opening of files is required; simply browsing to the folder is enough.
Although Microsoft have stated that "This vulnerability is most likely to be exploited through removable drives", users should be on their guard against all shortcut files whose authenticity they cannot guarantee. This same vulnerability could be exploited through contaminated file shares, or through something as simple as a malicious compressed archive such as a zip file.
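Because the risk here is triggered by the shortcut being rendered rather than opened, a defender's first job is knowing where untrusted shortcut files are before a folder or archive is ever browsed. The following added example (not code from the original post, Trend Micro or Microsoft) identifies Windows Shell Link files by their fixed header, the 0x4C header size and the LinkCLSID 00021401-0000-0000-C000-000000000046 defined in the MS-SHLLINK format specification, rather than by extension, so a shortcut renamed to `photo.jpg` is still caught. It scans a folder (such as a mounted removable drive or a file share) and the entries of a zip archive without extracting them. The sample files it builds are constructed, inert headers with no target at all, used only to exercise the detection logic.

```python
import os
import struct
import tempfile
import zipfile

# Fixed Shell Link header fields from the MS-SHLLINK specification:
# HeaderSize is always 0x4C and LinkCLSID is always
# 00021401-0000-0000-C000-000000000046 (stored in little-endian GUID layout).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")


def is_shell_link(data: bytes) -> bool:
    """Identify a Windows shortcut by its header, not by its file name."""
    if len(data) < 20:
        return False
    header_size = struct.unpack_from("<I", data, 0)[0]
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def find_shortcuts_in_dir(root: str) -> list:
    """Walk a folder (e.g. a removable drive or file share) and list shortcut files."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(20)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if is_shell_link(head):
                hits.append(path)
    return sorted(hits)


def find_shortcuts_in_zip(zip_path: str) -> list:
    """List shortcut entries inside an archive without extracting anything to disk."""
    hits = []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                if is_shell_link(member.read(20)):
                    hits.append(info.filename)
    return sorted(hits)


def build_sample_lnk() -> bytes:
    """Constructed sample: a minimal 76-byte Shell Link header with every other
    field zeroed. It has no target and does nothing; it only exercises the check."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    return header + b"\x00" * (LNK_HEADER_SIZE - len(header))


def demo() -> dict:
    """Build a throwaway folder and zip of constructed files and report what is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        lnk = build_sample_lnk()
        drive = os.path.join(tmp, "drive")
        os.makedirs(drive)
        with open(os.path.join(drive, "report.pdf.lnk"), "wb") as f:
            f.write(lnk)
        with open(os.path.join(drive, "notes.txt"), "wb") as f:
            f.write(b"plain text, not a shortcut")
        # A shortcut with a misleading extension: the name lies, the header does not.
        with open(os.path.join(drive, "photo.jpg"), "wb") as f:
            f.write(lnk)
        zip_path = os.path.join(tmp, "attachment.zip")
        with zipfile.ZipFile(zip_path, "w") as zf:
            zf.writestr("invoice.lnk", lnk)
            zf.writestr("readme.txt", "harmless")
        return {
            "dir": [os.path.basename(p) for p in find_shortcuts_in_dir(drive)],
            "zip": find_shortcuts_in_zip(zip_path),
        }


if __name__ == "__main__":
    print(demo())
```

Run this against a mounted drive or a downloaded archive before browsing it in Explorer; anything it lists is a shortcut whose origin should be verified first. Checking the header rather than the `.lnk` suffix matters because Explorer decides how to render a file from its type association, and a scan that trusts extensions would miss exactly the files an attacker has taken the trouble to rename.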
Worryingly, the malware that was first exploiting this vulnerability appeared to be highly targeted, looking for Siemens WinCC SCADA systems. SCADA systems are routinely used in the control of utilities such as power and water, and also in large-scale manufacturing. Siemens were warning their customers of this as early as July 14th.
The source code for this malware is now in open distribution (and has been incorporated into the Metasploit framework), and we can expect to see widespread criminal adoption of this technique from this point.
For now the best defence against attacks is contained within the Microsoft Security Advisory: disable the displaying of icons for shortcuts and disable the WebClient service.