Si inca una pe raboj: Microsoft a anuntat in urma cu cateva zile ca inca o vulnerabilitate a Windows-ului a fost identificata (senzational!) si imediat s-au luat masuri pentru “dresarea” acesteia.
Bresa a fost descoperita in วินโดวส์เชลล์ (componenta Windows OS) si cel mai probabil permite executarea de coduri malitioase prin remote (pana in prezent s-au raportat doar atacuri limitate si targetate).
In ce consta noua vulnerabilitatea din Windows?
Analizarea incorecta a shortcuturilor. Daca Windows-ul afiseaza iconul unui shortcut special pregatit de catre atacatori, acestia pot executa coduri malitioase prin intermediul acestuia. Vulnerabilitatea poate fi exploatata local, prin internmediul unui USB drive, หรือ ระยะไกล, ผ่าน sharing-urilor de retea และผ่าน WebDAV (extensii http care permit editarea si administrarea de fisiere prin intermediul serverelor remote). De asemenea, exploit-uri pot fi incluse si in diverse tipuri de fisiere care suporta fixarea/embeduirea de shortcut-uri-
Pentru ca inca se lucreaza la un update de securitate care sa rezolve aceasta problema din วินโดวส์เชลล์, Microsoft a pus la dispozitia userilor Windows o solutie temporara ใน Fix It Center-
| Enable workaround | Disable workaround |
|---|---|
Fix this problem
|
Fix this problem
|
Nota: Aplicarea acestei solutii temporare va inlocui reprezentarea grafica a iconurilor din Taskbar si Start Menu cu icon-uri simple, albe.
Pentru cei care prefera sa rezolve problema singuri, o pot face folosind ตัวแก้ไขการลงทะเบียน (inainte de a folosi aceasta metoda este necesara efectuarea unui back-up al registrilor, pentru a putea repara modificarile facute atunci cand va fi lansat patch-ul de securitate-
- เปิด การควบคุม -Start Menu->Search->regedit->เข้า) si navigati catre cheia HKEY_CLASSES_ROOTlnkfileshellexIconHandler. in panoul din dreapta, stergeti valoarea intrarii ค่าเริ่มต้น-
- navigati catre cheia HKEY_CLASSES_ROOTpiffileshellexIconHandler si stergeti valoarea intrarii ค่าเริ่มต้น din panoul din dreapta, apoi inchideti regedit
เพื่อ reseta valorile default ale registrilor modificati, este de ajuns sa importati in regedit backup-ul facut inainte ca modificarile sa fie efectuate, apoi restartati computerul. Sau puteti naviga din nou catre registrii de mai sus, si sa dati intrarilor ค่าเริ่มต้น ค่า {00021401-0000-0000-C000-000000000046} (valabila pentru ambele intrari).
Nota: Versiunile de Windows in care intalnim aceasta vulnerabilitate sunt urmatoarele:
- Microsoft Windows XP Service Pack 3, when used with:
- Microsoft Windows XP Home Edition
- ไมโครซอฟต์ วินโดวส์ XP มืออาชีพ
- Microsoft Windows Server 2003 Service Pack 2, when used with:
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Windows Vista Service Pack 1, when used with:
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Starter
- วินโดวส์วิสต้าอัลติเมท
- Windows Vista Service Pack 2, when used with:
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Starter
- วินโดวส์วิสต้าอัลติเมท
- Windows Server 2008 Service Pack 2, when used with:
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows 7 Enterprise
- Windows 7 Home Basic
- Windows 7 Home Premium
- วินโดว์ 7 มืออาชีพ
- Windows 7 Starter
- Windows 7 Ultimate
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Standard
