Saturday, July 17, 2010

Microsoft Windows Shell Shortcut Handling Code Execution Vulnerability

http://www.vupen.com/english/advisories/2010/1836
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers or malware to compromise an affected system. This issue is caused by an error in the Windows Shell component when parsing shortcuts (*.LNK files), which could allow attackers to automatically execute a malicious binary by tricking a user into browsing a remote network or WebDAV share, or opening in Windows Explorer a removable drive (e.g. USB) containing a specially crafted shortcut file.


Note: This vulnerability is being exploited in targeted attacks.

-----------------------------------------

http://www.theregister.co.uk/2010/07/16/windows_shortcut_trojan/
Independent researcher Frank Boldewin has uncovered evidence that the malware is targeting SCADA control systems, used to control industrial machinery in power plants and factories, and specifically Siemens WinCC SCADA systems.

"Looks like this malware was made for espionage," Boldewin writes.
-----------------------------------------

http://www.microsoft.com/technet/security/advisory/2286198.mspx
Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.
---------------------------------------

It's important to note that MS isn't listing some affected operating systems, simply because they are no longer officially supported (e.g. Windows XP SP2 and Windows 2000). They are vulnerable nonetheless, so the listed workarounds should be evaluated for these OSes as well, if they are used in your environment.

While the idea that the trojan was made for espionage is currently just an educated guess, it goes without saying that a worm using the USB propagation vector would be well suited to reaching systems which are air-gapped or otherwise well isolated from the network.

The DoD found this out all too well in late 2008.
USB Flash Drive Network Weaponization
http://www.darkreading.com/blog/archives/2008/12/usb_flash_drive.html

DoD Preparing To Lift USB Ban
http://www.darkreading.com/insiderthreat/security/storage/showArticle.jhtml?articleID=220100601
