Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."
  • by poptones ( 653660 ) on Saturday July 31, 2010 @06:25AM (#33094232) Journal
    My GF uses Ubuntu now and she had never touched Linux before about a month ago. The only thing to "learn" is to lose the bad habits you pick up from a lifetime of Windows use. Just back up your music, movies and emails and reload with Ubuntu. Dual booting is poison because you will inevitably boot into Windows more and more often because it is familiar and "easy." Just wipe out Windows, reload the machine from the ground up with Linux, use it for a month and you'll never go back. If you want to play games, buy a 360...
  • by Two99Point80 ( 542678 ) on Saturday July 31, 2010 @06:38AM (#33094274) Homepage
    This is just a copy (minus links) of the article at Threatpost. How about at least crediting the source?
  • by HangingChad ( 677530 ) on Saturday July 31, 2010 @06:44AM (#33094290) Homepage

    Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer.

    How do you suppose the crackers got hold of Realtek's digital certificate? It seems to imply a level of sophistication that goes beyond most virus writers, many of whom are industry professionals these days. A government-backed organization, maybe, or well-funded industrial espionage.

    Behold the true face of cyberwar!

  • by RulerOf ( 975607 ) on Saturday July 31, 2010 @07:17AM (#33094406)

    I hear you. Those damn Linux boot loaders can be hard to get rid of.

    Indeed. I've been using SYSLINUX and COM32 for some time now and I love them to pieces. They make NTLDR, and, to a lesser extent, the Windows Boot Manager, look like kids' toys.

  • by Ilgaz ( 86384 ) on Saturday July 31, 2010 @07:27AM (#33094450) Homepage

    For some reason, MS will shy away from mandatory CRL/OCSP checks. Bandwidth issues for 1 kb of traffic?

    Realtek drivers, as they are software/hardware hybrids (more like a softmodem) with unnecessary junk like an extra control panel, weigh around 40 MB. Everyone knows it, since we have to deal with their aspx-powered weirdo site when vendors, including Apple Inc., install old versions of the drivers. What kind of harm would Windows do by asking the certificate vendor (Verisign in this case) if the certificate is real?

    This is a mistake by Apple too: they don't enable OCSP, at least to "best attempt", in a fresh OS X install. You gotta do it in the Keychain utility preferences. Sad, since with the OS X way of doing things that would mean an instant security boost, as native OS X apps use the same framework for SSL comms.

    Funnily, this is also a problem on Symbian, which doesn't rely on an "app store". For example, on a Nokia E71, one must live in a complete usability hell if he/she enables "online certificate revocation check". They just couldn't fix the freaking UI and disabled online certificate checks for signed Symbian apps. So what happens if some dumb shareware vendor loses their certificate or they actually freely sign malware? You install AV. All this for saving (!) 1 KB of traffic.

    So, even if Verisign revokes it (or hurries, whatever), it won't have any effect until MS/Apple/Symbian (don't know about others) wake up and enable certificate revocation checks by default, in these days when even your heater is connected to the internet.
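One way to do the check the post above is asking for, as an added PowerShell example (not code from the thread, from Microsoft or from Realtek): it reads a file's Authenticode signature, rebuilds the signer's chain with online revocation checking for every certificate, and fails closed when revocation status cannot be determined. The scan path and the helper name are placeholders chosen for this example.

```powershell
# Added example: re-check a signed file's signer chain with mandatory online
# revocation checking, instead of relying on the OS's default (soft-fail) policy.
function Test-SignerRevocation {
    param([Parameter(Mandatory)][string]$Path)   # path to a signed PE file

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        return [pscustomobject]@{ Path = $Path; Signed = $false; Status = $sig.Status
                                  Signer = $null; Trusted = $false; Problems = @() }
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Ask the CA's CRL/OCSP endpoint for every certificate in the chain, not just the leaf.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    # Require the code-signing EKU (id-kp-codeSigning, 1.3.6.1.5.5.7.3.3) so a certificate
    # issued for some other purpose is not accepted as a code signer.
    $chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3')) | Out-Null

    $built    = $chain.Build($sig.SignerCertificate)
    $problems = @($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" })

    # Fail closed: a revoked certificate, or one whose revocation status could not be
    # obtained (responder unreachable, no CRL), is treated as untrusted.
    $flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    $hard  = [int]($flags::Revoked -bor $flags::RevocationStatusUnknown -bor $flags::OfflineRevocation)
    $hardFail = @($chain.ChainStatus | Where-Object { ([int]$_.Status -band $hard) -ne 0 }).Count -gt 0

    [pscustomobject]@{
        Path     = $Path
        Signed   = $true
        Status   = $sig.Status                      # what the OS's own verification reports
        Signer   = $sig.SignerCertificate.Subject
        Trusted  = ($built -and -not $hardFail)     # our stricter verdict
        Problems = $problems
    }
}

# Usage: scan executables and drivers under a directory (placeholder path) and list
# everything that is unsigned, revoked, or whose revocation status is unknown.
Get-ChildItem -Path 'C:\Path\To\Scan' -Recurse -Include *.exe, *.dll, *.sys |
    ForEach-Object { Test-SignerRevocation -Path $_.FullName } |
    Where-Object { -not $_.Trusted } |
    Format-Table Path, Status, Signer, Problems -AutoSize
```

A file can show Status = Valid from the OS and still come back with Trusted = False here; the Problems column says which chain check (for example RevocationStatusUnknown or Revoked) caused the stricter verdict.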

  • by alphatel ( 1450715 ) * on Saturday July 31, 2010 @07:30AM (#33094452)
    Agreed, who cares what the vulnerability is - exploits are never-ending. The digitally signed certificate is a sure-fire method of defeating a number of defense mechanisms and penetrating the MS core even further. As always, the benefit to the code writer is that any MS OS can be fooled, including server systems.
  • by orangeplanet64 ( 1381421 ) on Saturday July 31, 2010 @07:41AM (#33094492)

    If you want to play games, buy a 360...

    I want to play StarCraft 2, you insensitive clod.

  • by Anonymous Coward on Saturday July 31, 2010 @07:53AM (#33094530)

    Virus authors aren't script kiddies anymore. They're trained software engineers. Remember Conficker? It had an implementation of MD6 only a few weeks after the specifications were released (it even contained a buffer overflow which was a fault in the specifications). However, to get a digital certificate signed, I'm guessing some bribery was in order. I'm guessing spam pays a lot these days, when it's done right.

  • by Jesus_666 ( 702802 ) on Saturday July 31, 2010 @07:58AM (#33094546)

    If you want to play games, buy a 360...

    How do you install System Shock 2 on an Xbox 360? There are games that aren't supported by $CONSOLE but that people still want to play.

    If you want to do dual-booting right, just move all of your data to one of the Linux partitions and erase it from the Windows partition. Then uninstall the corresponding programs. Once you're unable to check your mail/chat/etc. in Windows you'll have a much smaller incentive to stay there for longer than necessary.

  • by Mhtsos ( 586325 ) on Saturday July 31, 2010 @09:24AM (#33094872)

    This is especially important to anyone actually using the SCADA software this virus attacks. Some versions of WinCC are incompatible with XP (as in "only certified to run on Windows 2000"; I'm sure nothing technical prevents running on XP). So actually quite a large portion of the target group remains unpatched.

  • by sjames ( 1099 ) on Saturday July 31, 2010 @03:40PM (#33097036) Homepage Journal

    Fine then, the question is why doesn't MS REVOKE the Realtek cert?

    The USEFUL answer is that they did.

  • by AmberBlackCat ( 829689 ) on Saturday July 31, 2010 @08:12PM (#33098534)
    So, if they had acquired the signature for Red Hat's online repository, Fedora wouldn't be vulnerable? If the user clicks yes to accept a Fedora key, that's less risky than clicking to accept a key on Windows?
