by
The new vulnerability discovered in Windows Shell
The new vulnerability discovered in Windows Shell
And one more on the raboj: Microsoft announced a few days ago that another Windows vulnerability was identified (sensational!) and immediately measures were taken to "train" it.
Bresa was discovered in Windows Shell (component Windows OS) and most likely allows the execution of malicious codes remotely (so far only limited and targeted attacks have been reported).
What is the new vulnerability in Windows?
Incorrect analysis of shortcuts. If Windows displays the icon of a shortcut specially prepared by the attackers, they they can execute malicious code through it. Vulnerability can be operated locally, through the medium of a USB drive, or remote, through network shares and through WebDAV (extensions http which allow editing and managing files through remote servers). Also, exploit-uri pot fi incluse si in diverse tipuri de fisiere care suporta fixarea/embeduirea de shortcut-uri.
Pentru ca inca se lucreaza la un Security update care sa rezolve aceasta problema din Windows Shell, Microsoft a pus la dispozitia userilor Windows o solutie temporara in Fix It Center.
| Enable workaround | Disable workaround |
|---|---|
Fix this problem
|
Fix this problem
|
Nota: Aplicarea acestei solutii temporare va inlocui reprezentarea grafica a iconurilor din Taskbar si Start Menu cu icon-uri simple, albe.
Pentru cei care prefera sa rezolve problema singuri, o pot face folosind the register editor (inainte de a folosi aceasta metoda este necesara efectuarea unui back-up al registrilor, pentru a putea repara modificarile facute atunci cand va fi lansat patch-ul de securitate):
- open regedit (Start Menu->Search->regedit->Enter) si navigati catre cheia HKEY_CLASSES_ROOTlnkfileshellexIconHandler. in the right panel, delete the input value Default.
- navigate to the key HKEY_CLASSES_ROOTpiffileshellexIconHandler and delete the input value Default from the right panel, then close regedit
In order to reset the default values of the registers modified, it is enough to imported in regedit the backup made before the changes are made, then restart the computer. Or you can navigate again to the registries above, and enter the entries Default the value {00021401-0000-0000-C000-000000000046} (valid for both entries).
Note: The Windows versions in which we encounter this vulnerability are the following:
- Microsoft Windows XP Service Pack 3, when used with:
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows Server 2003 Service Pack 2, when used with:
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Windows Vista Service Pack 1, when used with:
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Starter
- Windows Vista Ultimate
- Windows Vista Service Pack 2, when used with:
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Starter
- Windows Vista Ultimate
- Windows Server 2008 Service Pack 2, when used with:
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows 7 Enterprise
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Starter
- Windows 7 Ultimate
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Standard
The new vulnerability discovered in Windows Shell
You may also be interested in...
