Microsoft rushes fix for Windows shortcut hole
A fast-spreading virus that exploits a .lnk Windows hole prompted Microsoft to announce a patch for release next week.
Microsoft plans to release a patch on Monday for a flaw involving how Windows handles shortcut files, after seeing the hole being used to spread a particularly nasty and fast-spreading virus, the company said Friday.
Initially, the Windows flaw was used to spread the Stuxnet worm via USB drives. The vulnerability, which is in all versions of Windows, is in the code that processes shortcut files ending in ".lnk," according to the Microsoft advisory from two weeks ago that included information on a work-around.
Now there are copycat attacks in which the .lnk hole, or "shortcut hole," is being used in combination with a virus dubbed "Sality.AT," which has spread faster than the Stuxnet worm, Microsoft said in a Microsoft Malware Protection Center blog post.
"Although there have been multiple families that have picked up this vector, one in particular caught our attention this week--a family named Sality, and specifically Sality.AT," the post said. "Sality is a highly virulent strain. It is known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It is also a very large family--one of the most prevalent families this year."
The situation is dire enough for Microsoft to release what it calls an "out of band" patch instead of waiting a week to include the fix in its next scheduled Patch Tuesday, on August 10.
"In the past few days, we've seen an increase in attempts to exploit the vulnerability," Christopher Budd, senior security response communications manager at Microsoft, wrote in a post on the Microsoft Security Response Center blog. "We firmly believe that releasing the update out of band is the best thing to do to help protect our customers."
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
I'm kind of surprised no one has used WebDAV in conjunction with it yet.
Cue the Windows Fanboy Choir trying to spin this as some sort of non-problem in 5.. 4.. 3..
You're thinking of Apple fanboys; those are the ones that like to pretend there is no problem.
And this is a very big problem. One that Microsoft discovered, informed its users, and is going to fix ASAP. kudos to Microsoft.
...but meanwhile the only true malware we really hear about are the Windows boxen going down.
"Cue the Windows Fanboy Choir trying to spin this as some sort of non-problem in 5.. 4.. 3.."
I think you need to change your needle- you keep skipping and skipping and skipping and ....
Now if you had something useful or productive to say, you might get those Windows fanboys to listen to you, but when you just repeat your same diatribe time after time without any evidence, ignoring reality and then changing the subject when challenged to back up your comments with evidence, you will just damage your credibility.
My advice would be to try a new tactic- something not involving trolling.
@bild888:
Haven't seen any news of large companies being affected by this. I'm sure if there were, Random_walk would be all over it since that's what he lives for. Perhaps you can help him out with some evidence?
"The virus then writes an Autorun configuration file named "autorun.inf" pointing to the virus copy. When the drive is accessed from a computer supporting the Autorun feature, the virus is launched automatically."
Nice to know I'm not affected!
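The quoted description (autorun.inf written to removable media, pointing at a copy of the malware that launches when the drive is opened) is the behaviour a defender would want to check for. The script below is an added example, not code from the article or from any commenter: it confirms the AutoRun policy is fully disabled and reports autorun.inf and shortcut files found in the root of any removable drive, without opening or executing anything. The registry path and value name are the standard Windows Explorer policy; the output strings and the decision to flag every root-level .lnk are this example's own choices.

```powershell
# Added example (not from the article or the comments): audit removable drives
# for the AutoRun/.lnk propagation pattern and verify AutoRun is disabled.
# Run from an elevated Windows PowerShell session.

# Explorer policy: NoDriveTypeAutoRun = 0xFF disables AutoRun for all drive types.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$expected   = 0xFF

# Missing key/value (never hardened) yields $null, which is reported as a gap.
$current = (Get-ItemProperty -Path $policyPath -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($current -eq $expected) {
    Write-Output ("AutoRun policy OK (NoDriveTypeAutoRun = 0x{0:X2})" -f $current)
} else {
    Write-Warning ("AutoRun not fully disabled (NoDriveTypeAutoRun = '{0}'); set it to 0xFF" -f $current)
}

# DriveType 2 = removable disk (USB sticks, card readers).
$removable = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
if (-not $removable) { Write-Output 'No removable drives attached.' }

foreach ($drive in $removable) {
    $root    = $drive.DeviceID + '\'
    $autorun = Join-Path -Path $root -ChildPath 'autorun.inf'

    # autorun.inf is plain text; reading it is safe. Show only the lines that
    # name something to launch, which is what the quoted behaviour relies on.
    if (Test-Path -Path $autorun) {
        Write-Warning "$($drive.DeviceID) autorun.inf present in drive root"
        Get-Content -Path $autorun |
            Select-String -Pattern '^\s*(open|shellexecute)\s*=' |
            ForEach-Object { Write-Output ("    " + $_.Line.Trim()) }
    }

    # Root-level .lnk files on removable media (including hidden ones, hence -Force)
    # are reported with attributes and a hash so they can be triaged offline.
    Get-ChildItem -Path $root -Filter '*.lnk' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Write-Warning ("{0} shortcut in root: {1} [{2}] {3} bytes SHA256={4}" -f `
                $drive.DeviceID, $_.Name, $_.Attributes, $_.Length, $hash)
        }
}
```

The script only reads files and registry values; it never follows a shortcut or runs what autorun.inf names. A machine on which the policy value was never set shows the value as empty and is flagged, which is the state the blog link in the thread is about. Get-FileHash requires PowerShell 4 or later; drop that line on older hosts.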
shellsodes_cpder says-"What can you expect from Random_Troller?"
@shellcodes_coder-Apparently the same thing we get from you whenever there is an Apple article. The truth hurts.
It's fun to say the sky is falling. It gives the chicken littles of the world something to squawk about.
If Microsoft wasn't going to patch it for another month, then it might be significant, but for them to push out a patch so fast? Probably will be a non-issue like so many other cases.
And you don't lose your icon colors.
http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html
http://www.grc.com/intro.htm
http://disableautorunusb.blogspot.com/
Hope this helps!
On the upside this virus spreads by installing itself as a 32-bit device driver, so x64 Windows should be immune, right?
>>>>I'm curious as to what you think this means. Do you think, as so many PC illiterate Mac cultists think, that status quo equals inherent security? Why don't you go tell that to Dino Dai Zovi, Charlie Miller, Nils, Marc Maiffret, Kaspersky, and the others? Tell them that ASLR means nothing, and that they only dreamt of taking down the Mac in drive-by downloads every single year at Pwn2Own. Tell it to Landon Fuller as well, who posted a PoC drive-by download for the Mac on his blog, which displayed, "I am executing an innocuous user process" in usr/bin/say on any Mac that visited.
Professional security researchers run penetration tests for a living; best you believe they know inherent security better than you do. And they agree that Windows Vista and 7 are harder to penetrate than Mac OS X. It's not because criminal hackers wouldn't make ANY money hacking Macs that they ignore you; it's because they would make LESS. Windows PCs outnumber Macs 18:1. That means hacking Windows is 18 times as profitable. PC illiterate Mac cultists like yourself continue to swear up and down that it's still all about bragging rights, for which black hats are surely clamoring. Meanwhile, back in the REAL world, cybercrime leapfrogged drug trafficking as the #1 most profitable criminal industry worldwide SIX years ago (2004).
The only defenses you have are Data Execution Prevention (DEP) and authentication, both of which can be had in XP SP2 or later with a limited user account. Yet SQL Slammer, Conficker, and others have no problem escalating privileges, which has been done on the Mac as well. Vista has had ASLR since 2006, and OpenBSD even earlier, while Apple have tried and failed twice thus far at unveiling a rendition of their own. They're lucky to have the obscurity advantage, because they aren't very good at writing code (they borrowed the kernel for OS X from FreeBSD and NetBSD, after all).
BTW, the exploit talked about in this blog is the most serious we have seen to date for Vista and 7, while Vista came out four years ago. And it still isn't a drive-by download; you have to plug in a flash drive (and you probably also have to have UAC turned off, or at its default setting in Windows 7), and either access it from Explorer or have AutoRun enabled, for this to work. In addition, I figured out how to lock down Windows 2000 and later using nothing more than the security permissions built into NTFS (Access Control Lists, or ACL) back in early 2007. And I haven't had a malware problem on XP or anything else since the fall of 2006, when I started taking security into my own hands.
If you emigrated to Apple just because you couldn't figure out how to secure Windows, then you cheated yourself. Apple will never measure up; as long as they stay snobbish and keep to themselves, Windows will always get all the third-party hardware and application support. I don't have to pay out the nose for an aesthetic Internet appliance that can't play Blu-ray or do much of anything else. I get the standard, a more powerful unit at half the cost (I can put that extra $800 toward a 256GB Torqx SSD...too late! I already did), and more freeware/open source titles than there are total titles for the Mac, Linux, Solaris, BSD, and all the rest combined...the best of both worlds!
http://invincible-windows.blogspot.com/
P.S.: You don't know Utopia, because I live there, and have never once seen you there.
"How come there are still malware, trojans, etc. being discovered on Windows Mobile?"
>>>>I'm not too familiar with phone platforms, but it could be that Windows Mobile is based on Windows CE, which is more familiar. Before black hats can start hacking into a platform, they have to learn its code. What do you think malware is made of? Are they bombs composed of jumbled, incoherent code? NO!!! They are programs in their own right, designed for specific purposes.
Up until 2006, Apple ran on PPC. This explains why Linux, whose market share is even lower than that of Swiss cheese OS X, has seen far more viruses; Linux ran on Intel, just like the big target, Windows. No one bothered to learn the architecture.
Now we have Intel Mac, which is a different animal. Yes, criminals are working on it. But they don't have ready access to source code like the white hats do; most exploits are written after a security bulletin comes out. That's why people who keep up with the latest updates usually don't get infected.
Don't think the iPhone has vulnerabilities that don't require jailbreaking? Tell that to Charlie Miller: http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html
"First, that iPhone flaw was over a year ago and has since been fixed (OOH, one flaw)."
>>>>Beg your pardon? The iPhone was hacked this year as well. It and the Mac were the first to go down at Pwn2Own 2010, remember? Just like a Mac user; you always assume the last flaw you read about is the last one they'll ever find. And by the way, publicized vulnerabilities are not the only vulnerabilities there are. The media don't hover over Charlie Miller every day at work; Pwn2Own is a high-profile hacker event that only takes place once a year.
"Also, I never said there were not issues with OS X but stop confusing malware and trojans with viruses."
>>>>Obviously, YOU don't know the difference between malware, Trojans, and viruses. First of all, both viruses and Trojans ARE malware. Secondly, the most dangerous threat according to security researchers is the drive-by download, as all it takes to be infected is for you to visit a Web site hosting the code. Because Apple hasn't managed to get ASLR right yet, OS X goes down easily. Thirdly, what do you think a virus is, and where do you think it comes from? Viruses are programs that make copies of themselves and infect other programs. This is not to be confused with a worm, which spreads from one computer to another (malware can have attributes of both classes, thereby becoming hybrids which can be referenced by either name). MOST bona fide "viruses" are not profit-driven, however; they are written out of hate, and usually target someone (e.g. a politician or high-profile clergyman). They are sent in attachments to "heartfelt" e-mail messages that are usually patriotic or religious in nature, and installed ONLY when the user opens the attachment.
Did you get that one? Viruses usually require user intervention to be installed. What in your mind makes it more difficult to infect the Mac with a virus, if drive-by downloads take it down so easily? I'm not going to give you the answer to this one; I want to watch you fall flat on your face again, by giving me the wrong answer. The only clue I'm going to give you is that viruses are no trick to make; drive-by downloads are way harder. That's why there are viruses for Vista, but no drive-by downloads yet.
Don't make the mistake of trying to sound like some kind of expert by talking down to another, unless you REALLY know what you're talking about. Obviously, you don't. That's why your method of securing your computer is paying out the nose for a second-rate machine that is less of a target. You just bit off more than you can chew, challenging me.
"This was not about OS X and you'd know that if you cared to really read my statement."
>>>>Had you bothered to read MY statement, then you would have noticed that my VERY FIRST sentence made that distinction. That said, if you knew anything about system software, then you would know that iOS is based on OS X and the same Darwin kernel. Nice try at sounding like a guru, but you need to understand that this is NOT something you can fake. You have demonstrated that you don't even know what malware is, or how simple a virus is in comparison to modern exploits.
You also brought up the bragging rights argument, AFTER I told you that today's game is profit. Before I say anything else, allow me to inform you that there have been Mac viruses since the days of PowerPC, which gave Apple a twofold obscurity advantage (even Linux ran on Intel). That out of the way, do you think bragging rights smell sweeter to a starving Russian than fat wads lining his pockets? He's not going to waste his time focusing on a VIRUS without a target (most politicians and clergymen use Windows anyway), when he could be herding in bots with XP exploits, and renting his partitions out to spammers, click fraudsters, and pump-n-dump stock traders.
If you think for one second that you can win a debate against me by learning these things on the fly, then I will bury you. TRY me.
I have to upgrade video cards almost every year. Plus 3D applications suck on Macs. Maya 2011, OUCH!
Premiere bugs for Mac. OUCH. Not to mention the one-button mouse. OUCH. There are a million awesome tools that don't even exist for Mac. And don't give me the... oh, you Mac hater... I've got a Mac.
I use it for music. Bought it about 3 years ago; it's obsolete now. I bought it for $1,999. The OS is completely useless. You can't install anything on that. To be honest, I felt like I had just bought a Commodore 64. No joke. Sick of that candy bar freezing up playing a simple playlist.
I really don't know if I should laugh or cry when I see hardware noobs posting "I love Mac" posts.
Turns out, after, I found out the machine was only 850MHz, 128MB of video, single core. I WAS WHAT??
My god, for two grand I could have put together a beast. Just saying it's a bit ridiculous.
Jc pants how is your copy of 3Dsmax running on your mac? let me know ;)
http://9to5mac.com/Autocad-mac
Windows being so full of security holes, back doors and such is the very reason it is a dream for hackers.
Microsoft won't scrap it and start over fresh with something else because if they did it wouldn't be Windows.
Microsoft keeps a lot of people employed because its products are so poorly designed and flawed.
Who told you the Mac is MORE secure than Windows, Apple? Gee, no possible way THAT could be subjective. I'll bet you'd believe them if they told you the world was flat, too. But just for the record, you got swindled:
http://www.google.com/search?q=mac+less+secure+than+windows&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Here is a bounty of articles for you to choose from. Read and weep.
frontier2002, August 3, 2010 10:59 PM PDT:
It's interesting to see that every time Microsoft comes up with its patches, the threats automatically follow suit. But now it's even worse: both threats and patches come simultaneously.