Update on the DLL-preloading remote attack vector

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Continue reading “Update on the DLL-preloading remote attack vector”

Critical Windows Patch for .lnk exploit

Hi guys,

Check out this website for the available download for the .lnk exploit.

Qoute from Microsoft:

“This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

◦Vulnerability in the Windows kernel

Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.

Read more about this vulnerability here.

Out-of-band security bulletin from Microsoft

*** UPDATE January 22 2010 ****

Download information for the patch.

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated ‘Critical’ that are not currently under active attack.

See the Microsoft Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.

Microsoft announces additional patch

Microsoft announces today that they will release a critical patch for the “zero-day” leak. This leak has caused serveral attacks to huge company’s such as Google, Northropp Grumman etc. This patch will be released outside of the usual patch tuesday window.

When the patch is released is still not available. When the patch is release we will post a link to this patch.

In the meantime you can take action by scanning your server of computer by using this patch.

Enable Application Compatibility Database Disable Application Compatibility Database