What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Huge blow to Microsoft Window Security

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
There is a new windows vulnerability that effects all versions of windows including older versions like windows 2000, NT, XP SP2 are no longer receiving updates from Microsoft due to them no longer being supported.

User does not have to run a file to trigger this type of worm. Simply having a files icon displayed will trigger the malicious code. Even displaying a favicon icon that is from opening a website can trigger the malicious code to run on the users computer.


Hopefully microsoft will jump on this quick and release updates for even those older versions of windows that no longer recieve updates.


http://arstechnica.com/microsoft/news/2010/07/new-windows-shortcut-zero-day-exploit-confirmed.ars


basically all windows users right now are vulnerable and can be infected via USB, network share, websites, etc...
 
Last edited:

iPadCharlie

iPF Noob
Joined
Jun 19, 2010
Messages
4,231
Reaction score
8
Hopefully microsoft will jump on this quick and release updates for even those older versions of windows that no longer recieve updates.
"Screw 'em! They should have upgraded to Windows7 when they had the chance!"
Bill Gates
 
OP
MikesTooLz

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
Hopefully microsoft will jump on this quick and release updates for even those older versions of windows that no longer recieve updates.
"Screw 'em! They should have upgraded to Windows7 when they had the chance!"
Bill Gates

Windows 7 Is also effected, the problem is with all versions of windows. If they don't put out a fix all older systems that have not installed the latests versions of windows could become infected by simply browsing a website or receiving an email.

MS has come out with a "Quick Fix" until they are able to figure out how to put out a real fix. All this quick fix does is change some registry values to disable the displaying of all shortcut icons, instead you just get a white box.


Make me glad I switch over to my MAC.
 
Last edited:

Drag Bunt

iPF Novice
Joined
Jul 13, 2010
Messages
151
Reaction score
0
Location
the 'burbs of @lanta
latests versions of windows could become infected by simply browsing a website or receiving an email.

The article you linked says

The current in-the-wild attacks are using USB keys to distribute the shortcuts, but the attack could equally use network shares or local disks.
There's no mention there of "simply browsing a website or receiving an email".

Let's not make stuff up. Plugging a questionable USB key into your computer or network is a dumb idea, even on a Mac.
 
OP
MikesTooLz

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
latests versions of windows could become infected by simply browsing a website or receiving an email.

The article you linked says

The current in-the-wild attacks are using USB keys to distribute the shortcuts, but the attack could equally use network shares or local disks.
There's no mention there of "simply browsing a website or receiving an email".

Let's not make stuff up. Plugging a questionable USB key into your computer or network is a dumb idea, even on a Mac.

That article doesn't mention it. but others have tested it out with favicon icons for websites and it works. I also watched the security Now podcast a few hours ago and Steve Gibson of Gibson Research said the same thing about it working with favicon icons for websites.

The favicon is set to launch and execute a separate malicious file thats on the web server just like how the shortcuts launch a separate malicious file on USB drives and network shares.
 
Last edited:

cmalinowski

iPF Noob
Joined
Jun 10, 2010
Messages
73
Reaction score
0
Windows 7 Is also effected, the problem is with all versions of windows. If they don't put out a fix all older systems that have not installed the latests versions of windows could become infected by simply browsing a website or receiving an email.

From the latest posted above:
drive-by attacks using IE6, IE7, IE8 and IE9 were successful on Windows XP, but not on the newer Windows 7. "It looks like Windows 7 has some additional magic which creates a pop-up [warning], and I suspect Vista is the same," said Moore.

Although I'm guessing most people will ignore those pop-ups anyway :)
 

Most reactions

Latest posts

Top