ATTACK ALERT - Zero Day Vulnerability in all versions of Windows

Submitted by nathan on Mon, 07/19/2010 - 21:34

Team Blog

According to this article from F-Secure there is a massive hole in Windows Shell that's being actively exploited by the Stuxnet Rootkit. According to the article, the best available work-around at the moment is:
• Disable the displaying of icons for shortcuts
• Disable the WebClient service

Sophos releases free tool to prevent execution of the exploit

Submitted by nathan on Tue, 07/27/2010 - 08:32.

Security firm Sophos has released a free tool to protect vulnerable computers (e.g., anything running Windows) from this exploit. Information on the tool and a download link are available below:

http://www.sophos.com/security/topic/shortcut.html

Zeus bot now taking advantage of this flaw

Submitted by nathan on Tue, 07/27/2010 - 08:22.

According to this article over at The Register, the Zeus cybercrime toolkit is now taking advantage of this vulnerability. From the article:

Security firm F-Secure reports the appearance of strains of Zeus that take advantage of the same security hole exploited by the Stuxnet worm. Zeus-contaminated emails pose as security messages from Microsoft, containing contaminated ZIP file attachments laced with a malicious payload that utilises the lnk flaw to infect targeted systems.

Microsoft is advising users to apply temporary workarounds while its security researchers investigate the shortcut flaw, a process likely to eventually result in a patch.

Metasploit module now available to exploit the LNK vulnerability

Submitted by nathan on Mon, 07/19/2010 - 21:39.

Fresh in from the 'from bad to worse' category, there is now a Metasploit plugin to make it even easier to exploit the recently released zero day in all versions of MS Windows. Full details are available Here

Primary links

Search

Navigation

ATTACK ALERT - Zero Day Vulnerability in all versions of Windows

Sophos releases free tool to prevent execution of the exploit

Zeus bot now taking advantage of this flaw

Metasploit module now available to exploit the LNK vulnerability


Primary links Home About Us Testimonials Contact Us Internet Cafe' Previously Loved Equipment For Your Home For Your Office On The Web Our Web Design Portfolio Message Boards Articles Events Calendar Site Map Feed Support Search Search this site: Navigation Recent posts Feed aggregator	ATTACK ALERT - Zero Day Vulnerability in all versions of Windows Submitted by nathan on Mon, 07/19/2010 - 21:34 Team Blog According to this article from F-Secure there is a massive hole in Windows Shell that's being actively exploited by the Stuxnet Rootkit. According to the article, the best available work-around at the moment is: • Disable the displaying of icons for shortcuts • Disable the WebClient service ‹ Buyer Beware - If you're hiring someone to build your website, find out who will own the final product iPhone 3G upgrade to iOS 4 and then, no wifi › » Login or register to post comments Sophos releases free tool to prevent execution of the exploit Submitted by nathan on Tue, 07/27/2010 - 08:32. Security firm Sophos has released a free tool to protect vulnerable computers (e.g., anything running Windows) from this exploit. Information on the tool and a download link are available below: http://www.sophos.com/security/topic/shortcut.html » Login or register to post comments Zeus bot now taking advantage of this flaw Submitted by nathan on Tue, 07/27/2010 - 08:22. According to this article over at The Register, the Zeus cybercrime toolkit is now taking advantage of this vulnerability. From the article: Security firm F-Secure reports the appearance of strains of Zeus that take advantage of the same security hole exploited by the Stuxnet worm. Zeus-contaminated emails pose as security messages from Microsoft, containing contaminated ZIP file attachments laced with a malicious payload that utilises the lnk flaw to infect targeted systems. Microsoft is advising users to apply temporary workarounds while its security researchers investigate the shortcut flaw, a process likely to eventually result in a patch. » Login or register to post comments Metasploit module now available to exploit the LNK vulnerability Submitted by nathan on Mon, 07/19/2010 - 21:39. Fresh in from the 'from bad to worse' category, there is now a Metasploit plugin to make it even easier to exploit the recently released zero day in all versions of MS Windows. Full details are available Here » Login or register to post comments
© Copyright 2002-2008, Cyber Tech Cafe, LLC 1010 N. Tennessee Street, Suite 102 Cartersville, GA 30120 770-386-8900

Primary links

Search

Navigation

ATTACK ALERT - Zero Day Vulnerability in all versions of Windows

Sophos releases *free* tool to prevent execution of the exploit

Zeus bot now taking advantage of this flaw

Metasploit module now available to exploit the LNK vulnerability

Sophos releases free tool to prevent execution of the exploit