Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill on from the tee-plus-two-weeks dept.

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

12 of 112 comments (clear)

  1. Re:Too bad, it's a great conversion tool. by poptones · · Score: 2, Insightful

    My GF uses ubuntu now and she's never touched linux before about a month ago. The only thing to "learn" is to lose the bad habits you pick up from a lifetime of windows use. Just back up your music, movies and emails and reload with ubuntu. Dual booting is poison because you will inevitably boot into windows more and more often because it is familiar and "easy." Just wipe out windows, reload the machine from the ground up with linux, use it for a month and you'll never go back. If you want to play games, buy a 360...

  2. Is copy-and-pasting"writing"? by Two99Point80 · · Score: 4, Insightful

    This is just a copy (minus links) of the article at Threatpost. How about at least crediting the source?

  3. The really interesting bit by HangingChad · · Score: 4, Insightful

    Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer.

    How do you suppose the crackers got a hold of Realtek's digital certificate? Seems to imply a level of sophistication that goes beyond most virus writers, many of whom are industry professionals these days. A government-backed organization maybe or well-funded industrial espionage.

    Behold the true face of cyberwar!

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:The really interesting bit by alphatel · · Score: 4, Insightful

      Agreed, who cares what the vulnerability is - exploits are never-ending. The digitally signed certificate is a sure-fire method of defeating a number of defense mechanisms and penetrate the MS core even further. As always, the benefit to the code writer is that any MS OS can be fooled, including server systems.

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    2. Re:The really interesting bit by Anonymous Coward · · Score: 1, Insightful

      Virus authors aren't script kiddies anymore. They're trained software engineers. Remember Conficker? It had an implementation of MD6 only a few weeks after the specifications were release(It even contained a buffer overflow which was a fault in the specifications). However, to get a digital certificate signed, I'm guessing some bribery was in order. I'm guessing spam pays a lot these day, when it's done right.

    3. Re:The really interesting bit by AmberBlackCat · · Score: 2, Insightful

      So, if they had acquired the signature for Red Hat's online repository, Fedora wouldn't be vulnerable? If the user clicks yes to accept a Fedora key, that's less risky than clicking to accept a key on Windows?

  4. Re:Too bad, it's a great conversion tool. by RulerOf · · Score: 2, Insightful

    I hear you. Those damn Linux boot loaders can be hard to get rid of.

    Indeed. I've been using SYSLINUX and COM32 for some time now and I love them to pieces. They make NTLDR, and, to a lesser extent, the Windows Boot Manager, look like kids' toys.

    --
    Boot Windows, Linux, and ESX over the network for free.
  5. The real flaw on 3 different OS won't be fixed by Ilgaz · · Score: 3, Insightful

    For some reason, MS will shy away from mandadory CRL/OCSP checks. Bandwidth issues for 1 kb traffic?

    Realtek drivers, as they are software/hardware hybrid (more like softmodem) with unneccesarry junk like an extra control panel weights around 40 MB. Everyone knows it since we have to deal with their aspx powered weirdo site when vendors, including Apple Inc. installs old version of drivers. What kind of harm would Windows do asking certificate vendor (Verisign in this case) if the certificate is real?

    This is also a mistake by Apple too, they don't enable ocsp, at least to "best attempt" in fresh OS X install. You gotta do it in keychain utility preferences. Sad that, on OS X way of doing things, that would mean an instant security boost since native OS X apps uses the same framework for SSL comms.

    Funny is, this is also a problem on Symbian which doesn't rely on "app store". For example, on Nokia E71, one must live a complete usability hell if he/she enables "online certificate revocation check". They just couldn't fix the freaking UI and disabled online certificate check for signed symbian apps. So what happens if some dumb shareware vendor loses their certificate or they actually freely sign malware? You install AV. All this for saving (!) 1 KB of traffic.

    So, even if Verisign revokes it (or hurries, whatever), it won't have any effect until MS/Apple/Symbian (don't know others) wake up and enable certificate revocation checks by default in these days even your heater is connected to the internet.

  6. Re:Too bad, it's a great conversion tool. by orangeplanet64 · · Score: 2, Insightful

    If you want to play games, buy a 360...

    i want to play starcraft 2 you insensitive clod..

  7. Re:Too bad, it's a great conversion tool. by Jesus_666 · · Score: 2, Insightful

    If you want to play games, buy a 360...

    How do you install System Shock 2 on an X-Box 360? There are games that aren't supported by $CONSOLE but that people still want to play.

    If you want to do dualbooting right, just move all of your data to one of the Linux partitions and erase them from the Windows partition. Then uninstall the corresponding programs. Once you're unable to check your mail/chat/etc. in Windows you'll have a much smaller incentive to stay ther for longer than neccessary.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  8. Re:Windows 2000 users by Mhtsos · · Score: 2, Insightful

    This is especially important to anyone actually using the SCADA software this virus attacks. Some versions of WinCC are incompatible with XP (as in "only certified to run on windows 2000" i'm sure nothing technical prevents running in XP). So actually quite a large portion of the target group remains unpatched.

  9. Re:Realtek certificate by sjames · · Score: 2, Insightful

    Fine then, the question is why doesn't MS REVOKE the Realtek cert?

    The USEFUL answer is that they did.