Vulnerability in Windows Shell could allow remote code execution
D-SWAT
We released news of a 0-day vulnerability in Windows Shell last week. The original news is HERE.
Microsoft has updated its Security Advisory 2286198 to describe further attack vectors for this vulnerability. It can be exploited through .LNK files on removable drives, over WebDAV and network shares, through .PIF files as well as .LNK files, and through documents that can contain embedded shortcuts.
It was demonstrated in the wild in July 2010 and was originally reported in connection with malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Workarounds:
1. Microsoft recommends that customers use the automated Microsoft "Fix it" solution to enable or disable the workaround.
For detailed information, please refer to Microsoft Knowledge Base Article 2286198.
2. D-SWAT has obtained the exploit code and virus samples. The related DT-AV and DT-AI signatures are listed below.
DT-AV:
99330 Trojan.Stuxnet!DT
DT-AI:
5468 Malicious MPF DNS
5469 Malicious todaysfutbol DNS
Please keep AV and AI signatures up to date.
References:
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://support.microsoft.com/kb/2286198
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568
http://www.kb.cert.org/vuls/id/940193
Information from DrayTek Corp.
About DrayTek
DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprises (SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.
Press Contact:
DrayTek Marketing Dept. press@draytek.com