Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Zero-day Windows bug problem worse than first thought.....


23 Aug 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Zero-day Windows bug problem worse than first thought.....

Quote:

An unpatched problem with Windows applications is much worse than first thought, with hundreds of programs, not just 40, vulnerable to attack, a Slovenian security company said today.

"It was a shocking surprise," said Mitja Kolsek, CEO of Acros Security. "It appears that most every Windows application has this vulnerability."

Yesterday, American researcher HD Moore announced that he had stumbled on about 40 Windows applications with a common vulnerability, but declined to name the programs or go into detail about the bug.

Today, Kolsek said that Acros has been digging into a new class of vulnerabilities for months, has found more than 200 flawed applications harboring more than 500 separate bugs, and reported its findings to Microsoft more than four months ago.

In other words, the problem is much more widespread than Moore let on Wednesday.
"We examined a bunch of applications, more than 220 from about 100 leading software vendors, and found that most every one had the vulnerability," said Kolsek. Acros built a specialized tool to help its researchers pinpoint which applications were vulnerable.

According to Kolsek, the bug is in how most applications load and execute code libraries -- ".dll" files in Windows -- and executables, including ".exe" and ".com" files. He dubbed the class of bugs as "remote binary planting," and said the flaws could be easily exploited.

More -
Zero-day Windows bug problem worse than first thought, says security expert | Security Central - InfoWorld

My System SpecsSystem Spec
.

24 Aug 2010   #2

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
 
 
Security Advisory 2269637

Microsoft has issued an advisory on this problem with information and work arounds.

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution

Jim
My System SpecsSystem Spec
24 Aug 2010   #3

Windows 7 & Windows Vista Ultimate
 
 

People most likely to be impacted are those who use P2P file-sharing programs. Bold added to pertinent information from the Mitigating Factors in the Security Advisory:

This issue only affects applications that do not load external libraries securely.

For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
My System SpecsSystem Spec
.


24 Aug 2010   #4

Windows 7 Home Premium 64 bit
 
 

Thanks for the heads up Jan.
Put like that it sounds a pretty remote chance of getting a problem, Corrine. Think I'll stay close to home until it's fixed though.
My System SpecsSystem Spec
25 Aug 2010   #5

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by Phone Man View Post
Microsoft has issued an advisory on this problem with information and work arounds.

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution

Jim
Bill Pytlovany to the rescue with a simple work around for WinPatrol PLUS users!

Twitter / Corrine (MVP): RT @WinPatrol: WinPatrol P ...
Quote:
RT @WinPatrol: WinPatrol PLUS users add protection from DLL(CWDIllegalInDllSearch) vulnerability BillP Studios - WinPatrol Registry Monitoring Scripts
My System SpecsSystem Spec
Reply

 Zero-day Windows bug problem worse than first thought.....




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:13 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33