Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability (CVE-2010-2568)

It is always advisable to use an up-to-date OS and to patch it with the available updates; if you do not, someone aware of a vulnerability in your system can mount an attack. A few days back I came across a security flaw in Microsoft's design; technically speaking, it is called "Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability (CVE-2010-2568)".

How does it work?

Actually it is a flaw in the Windows OS design, mainly caused by the Windows Control Panel shortcut image display routine. The flaw is that Windows incorrectly parses the shortcut in such a way that trojan/malware code can be installed when the icon of the shortcut is displayed. The vulnerable file is shell32.dll and the vulnerable routine is Control Panel related, where Windows does not correctly manage the parameters of the shortcut file, as shown in the image below.
Image source: http://community.websense.com

How can the system be exploited?

A vulnerable system with this flaw (Mac and Linux are not affected) can be exploited by using USB, through networks, or via CD/DVD. Since MS Windows is unable to properly handle "lnk/pif" files and automatically runs a file, an attacker can run arbitrary code from USB, CD or through networks.
Since milw0rm is down nowadays, I found the exploit at http://www.securityfocus.com/bid/41732/discuss; there you can download the exploit file and use it for educational purposes.

Note: This exploit is possible on Win XP/7/Vista etc.

Countermeasures....

1. You can download Sophos's Windows shortcut protection tool to detect and block the exploit from running.

2. Read Microsoft Security Advisory (2286198), scan for available updates and apply them.

3. If you are really panicking about this exploit, then hop over to Mac or Linux.....lol.

4. If you are using a third-party firewall and it has custom file-blocking functions, then you can use it to block "lnk/pif" shortcuts.
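
As an added example (not from the original post and not any vendor's tool), the Python sketch below triages shortcut files, for instance from removable media: it parses the Shell Link header and flags files whose target ID list names the Control Panel shell folder, the code path described above as vulnerable. The CLSID values and field offsets come from the public Shell Link format and are assumptions beyond the post; a hit means "review this file", since legitimate Control Panel shortcuts match too.

```python
import struct
import uuid

# Constants from the Shell Link binary format ([MS-SHLLINK]).
HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
HAS_LINK_TARGET_IDLIST = 0x1
# Shell folder CLSID of Control Panel (well-known Windows value, not from the post).
CONTROL_PANEL = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le


def id_list_items(data):
    """Yield the body of each ItemID in the LinkTargetIDList after the header."""
    (list_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
    pos, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + list_size
    if end > len(data):
        raise ValueError("IDList runs past end of file")
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # TerminalID ends the list
            return
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID size")
        yield data[pos + 2:pos + item_size]
        pos += item_size


def classify_lnk(data):
    """Return 'not-lnk', 'malformed', 'control-panel-target' or 'ok'."""
    if len(data) < HEADER_SIZE or data[:4] != struct.pack("<I", HEADER_SIZE):
        return "not-lnk"
    if data[4:20] != LINK_CLSID:
        return "not-lnk"
    (flags,) = struct.unpack_from("<I", data, 0x14)
    if not flags & HAS_LINK_TARGET_IDLIST:
        return "ok"
    try:
        items = list(id_list_items(data))
    except (ValueError, struct.error):
        return "malformed"
    return "control-panel-target" if any(CONTROL_PANEL in i for i in items) else "ok"


def make_sample(guid_bytes):
    """Constructed input: bare header plus a one-item ID list, not a usable shortcut."""
    item = b"\x2e\x00" + guid_bytes
    idlist = struct.pack("<H", len(item) + 2) + item + b"\x00\x00"
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", 1)
    return header.ljust(HEADER_SIZE, b"\x00") + struct.pack("<H", len(idlist)) + idlist
```

Run `classify_lnk(open(path, "rb").read())` over every `.lnk` file in a quarantine folder and hand the flagged ones to an analyst.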

If you find this article worth reading, then do drop a comment; it will be appreciated.



Reviewed by Satyajit (Admins, a.k.a. Satosys) on Thursday, July 29, 2010. Rating: 5

1 comment:

Unknown said...

Cool shortcuts, very useful. Thanks a bunch!!! I found a few more shortcuts here: http://www.usingcomputers.co.uk/tutorials/useful-windows-shortcuts.php it's worth taking a look at combined with this article. Thanks, keep up the good posts!

Big Thanks :D :D
