Windows And 40 Software Programs Have Critical Code-Execution Vulnerability
According to a warning by one security researcher, attacks involving the execution of remote code can be easily carried out on Microsoft Windows as well as 40 other programs associated with it. TheRegister reported this on August 18, 2010.
Researchers found that the vulnerability responsible for the attack relates to the manner in which Windows installs files categorized as "safe" files via networks located remotely. Interestingly, this vulnerability is nearly the same as one which Apple recently removed from its iTunes software.
Says HD Moore the expert who created Metasploit an open-source toolkit for penetration testing, Apple patched the flaw in iTunes for Windows a few months back; nevertheless, it continues to stay in over 36 other Windows applications. Moore, however, neither spells out the affected applications' names nor the names of those who made them. InfoWorld published this on August 19, 2010
In an advisory, ACROS Security writes that to execute the attack, an attacker needs to load a malevolent Dynamic-link Library (DLL), with name specified on a shared network, so that the user can be tricked into viewing one media file in iTunes via that network. All this requires the least social engineering, according to the advisory that TheRegister reports.
Meanwhile, for Windows systems, where the Web Client facility runs by default, it's possible to access distantly-located network shares through WebDAV. Consequently, it becomes plausible to deploy the malevolent DLL too via a network share that's online provided the security firewalls let the outgoing HTTP traffic flow into the Internet.
Confirms Moore, the vulnerability exists in various Windows software. Also the bug became evident when he was investigating the shortcut flaw in Windows. Incidentally, the bug is a critical one, whose existence Microsoft admitted during July 2010 as well as patched it on August 2, 2010 via an emergency update. InfoWorld reported this.
States advisory, computer operators can remain safe from the attacks via blocking connections for outgoing server messages on WebDAV and ports 139 and 445. While this'll prevent Internet-based assaults, users can even then remain vulnerable to LAN-based assaults if a malevolent DLL is loaded onto a shared network.
Related article: Windows XP Fault Strike Firewall
» SPAMfighter News - 26-08-2010