12/15/2008
Patch and update your Windows: new 0day against WordPad used in targeted attacks
Why you must make a priority of updating your Windows machines is clear when you see that machines that are updated and patched are NOT vulnerable.
| Affected Software |
|---|
| Microsoft Windows 2000 Service Pack 4 |
| Windows XP Service Pack 2 |
| Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 |
| Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 |
| Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems |
| Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 |

| Non-Affected Software |
|---|
| Windows XP Service Pack 3 |
| Windows Vista and Windows Vista Service Pack 1 |
| Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 |
| Windows Server 2008 for 32-bit Systems |
| Windows Server 2008 for x64-based Systems |
| Windows Server 2008 for Itanium-based Systems |
What is the exploit
The attacker could send an attachment that invokes WordPad, and through WordPad the code in the document could invoke the same applications that the current user's rights allow (telnet, CMD and so on, if the user has administrator access).
This is Microsoft's explanation:
"When Microsoft Office Word is installed, Word 97 documents are by default opened using Microsoft Office Word, which is not affected by this vulnerability. However, an attacker could rename a malicious file to have a Windows Write (.wri) extension, which would still invoke WordPad. This file type can be blocked at the Internet perimeter"
The spread for the moment is in targeted attacks. So if you think that you could be a victim of a targeted attack (bank, government, police, ...), you should take this into account.
In my view, block all WRI extensions in the mail so they can at least be double-checked. How an antivirus will be able to tell normal text/code from malicious is an open question. That is why you need human guards at your digital ports/entrance.
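The mail-side check suggested above could look like this (an added example, not part of the original post). It walks a message's MIME parts, holds any attachment whose name ends in .wri, and notes when the content starts with the OLE2 compound-file signature that Word 97 documents use, which points to a renamed file. The function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature; Word 97 .doc files are stored in this container.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
BLOCKED_EXT = ".wri"

def normalized_name(filename):
    """Lower-case the name and drop the trailing dots/spaces Windows ignores."""
    return (filename or "").strip().rstrip(". ").lower()

def scan_message(raw_bytes):
    """Return (filename, reason) for every attachment to hold for a manual check."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    held = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()
        if not name or not normalized_name(name).endswith(BLOCKED_EXT):
            continue
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(OLE2_MAGIC):
            reason = "wri extension on OLE2 content: likely a renamed document"
        else:
            reason = "wri extension: hold for manual check"
        held.append((name, reason))
    return held

def build_sample():
    """Constructed sample: a renamed OLE2 file, a plain .wri and a harmless .txt."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachments")
    for data, fname in ((OLE2_MAGIC + b"\x00" * 24, "Report.WRI"),
                        (b"plain bytes", "notes.wri"),
                        (b"hello", "readme.txt")):
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()):
        print(f"HOLD {fname}: {why}")
```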