M32 Security » microsoft

Highly-Dangerous Zero-Day Windows Shell LNK Exploit Discovered

Kyle — Sat, 17 Jul 2010 19:38:22 +0000

This one isn’t good. In fact, it’s downright scary. This exploits a vulnerability in Windows’ handling of LNK files. It affects ALL versions of Windows; at least all currently supported versions. No mention all unsupported versions, but assume they are affected as well. It is already being exploited by the Stuxnet rootkit and most likely many more nasty things very, very soon. Microsoft’s solution in Security Advisory 2286198 is to disable AutoRun completely, disable displaying of icons for programs, and disabling the WebClient service. That means disabling WebDAV and pretty much disabling icons for program links. It currently has an extremely high level of impact due to the simple nature of exploit. It is advised that antivirus is updated immediately (as in yesterday) as well as firewall inspection signatures are kept up-to-date to mitigate this.

US-CERT Vulnerability Note VU#940193

F-Secure Notice & Info

Discovered by VirusBlockAda on June 17

CVE-ID CVE-2010-2568

NVD-ID CVE-2010-2568

Article in The Register

Tags: 2010-2568, 2286198, 940193, cve, lnk file, microsoft, webclient service, Windows, zero day

Microsoft adds free root certificate authority to Windows

Kyle — Wed, 18 Nov 2009 20:30:06 +0000

Microsoft adds free root certificate authority to Windows

Tags: free microsoft, free root, microsoft, microsoft certificate, root certificate authority, windows microsoft

Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Found

Kyle — Wed, 09 Sep 2009 00:24:06 +0000

Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well now you can relive your youth with a classic throwback from Microsoft! Windows Vista, 2008, and 2007 of all variants all have a similar vulnerability that allows a remote attacker take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.

The SMB 2.0 driver in x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 are all one in the same. When sent the “&” character in the “Process ID High” SMB header, the process pagefaults and brings us the beloved Blue Screen of Death we’ve all come to know and love.

Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.

Tags: ampersand, attack, attacker, blue screen of death, BSOD, Laurent Gaffié, microsoft, microsoft vista, microsoft windows vista, OOB, process id, proof of concept, SMB, throwback, versions of windows vista, vulnerability, zero day

Microsoft DirectShow ActiveX Buffer Overflow exploit in the wild

Kyle — Mon, 06 Jul 2009 17:50:48 +0000

Be sure to check for patches and network security appliance definitions/signatures today, Microsoft has been reminded again of why people hate ActiveX; Secunia is reporting a nasty new DirectShow Buffer Overflow attack is in the wild. This one is very dangerous, as it exploits the built-in DirectShow control in Internet Explorer (msvidctl.dll) by using specially-crafted image content to create a boundary error and subsequently cause a stack-based buffer overflow allowing the attacker to execute arbitrary code on the compromised machine.

The worst part? It’s already being actively used by bad people. Although Secunia’s site currently shows Windows XP as the only OS vulnerable, I wouldn’t be surprised to see more versions of Windows tacked on in the near future.

More information can be found here.

Tags: ActiveX, activex buffer overflow, Advisory, attack, based buffer overflow, boundary, Buffer, buffer overflow attack, code, DirectShow, dll, image content, internet explorer, microsoft, microsoft directshow, msvidctl, network security appliance, Overflow, secunia, stack overflow

Former Microsoft Exec to Direct US Cybersecurity

Kyle — Thu, 11 Jun 2009 08:03:04 +0000

I found this gem today. Great to hear we have some guy from Microsoft running the Cybersecurity show in the USA (that was sarcasm):

The Department of Homeland Security (DHS) appointed former Microsoft executive Philip Reitinger as director of the National Cybersecurity Center.
In an announcement earlier this week, DHS Secretary Janet Napolitano filled three positions that support cybersecurity operations at DHS. Also appointed were Greg Schaffer as assistant secretary for cybersecurity and communications and Bruce McConnell as counselor tothe National Protection and Programs Directorate (NPPD) Deputy Under Secretary.
Reitinger fills the NCSC post left vacant with the departure of Rod Beckstrom. Beckstrom resigned in March citing his frustration with cybersecurity planning between federal agencies and the lack of funding for cybersecurity issues. Reitinger will also continue to serve as Deputy Under Secretary for the NPPD, a post he was appointed to in March.
KBT Computers, Jun 2009

Read the rest over at KBT Computers’ Blog

Tags: bruce mcconnell, cybersecurity, cybersecurity center, department of homeland, department of homeland security, deputy under secretary, espionage, frustration, greg schaffer, janet napolitano, kbt, microsoft, microsoft exec, microsoft executive, network security, nppd, obama, rod beckstrom, sarcasm, Security, white house