"Microsoft needs to fix the core issue," echoed Wisniewski Monday. The next regularly-scheduled Windows security updates are to ship in two weeks, on Aug. Microsoft has promised to patch the shortcut parsing bug, but has not yet disclosed a timeline. "Then it looks to see if that's calling an executable or.
"The tool looks at each shortcut to see whether it includes a code path with the vulnerable call," said Wisniewski, talking about the specific Windows call that many researchers have pinpointed as the core problem. The shortcut protection tool works by replacing Windows' own icon handler, then intercepting Windows' shortcut files - identified by the ".lnk" extension - and warning when it spots a suspicious shortcut. And the tool doesn't modify Windows or other files, so it's not really a patch." "We're not suggesting that users not apply the Microsoft patch when it's ready. "This is a reasonably unique situation in that we can put ourselves in the way of attacks," he said. Wisniewski defended Sophos' release of the tool. The Sophos tool leaves shortcut icons untouched.
Microsoft's advice has been to disable the displaying of shortcuts, a move many users may resist since it makes much of Windows almost unusable. Nearly 60% of the PCs identified by security vendor Symantec that have been infected by Stuxnet are located in Iran, a statistic that's sparked speculation that the country's infrastructure may have been targeted for attack. Hackers gained control of computers at at least one German customer of Siemens with the shortcut-exploiting "Stuxnet" worm, the electronics giant has confirmed. Two weeks ago, Siemens alerted customers of its Simatic WinCC management software that attacks using the vulnerability were targeting computers used to manage large-scale industrial control systems, often called SCADA, for "supervisory control and data acquisition." Initial attacks using the shortcut vulnerability were aimed at major manufacturing and utility companies. A day later, Microsoft confirmed the bug and admitted that attackers were already exploiting the flaw.Īll versions of Windows contain the vulnerability, including the preview of Windows 7 Service Pack 1 (SP1), and the recently retired-from-support Windows XP SP2 and Windows 2000.Įxploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.
0 kommentar(er)
