Windows Vulnerable to Code Execution Bug
The bug has been patched in Apple's iTunes media player for Windows and in VMware, but patching it in the rest of the affected applications remains a great challenge. Mitja Kolsek, CEO of Slovenia-based application security consultancy Acros Security, said in an interview that every Windows application requires its own distinct patch.
According to Acros, they have already examined 220 applications. Roughly 200 of those are affected by what they call the "binary-planting bug".
Kolsek adds that the number of affected applications can go well beyond 200, saying that the ones they tracked were those that were "exploitable" whenever a person double-clicks on a file or performs several actions in the menu.
Acros researchers informed Microsoft about the issue around four months ago. They have also collaborated with Microsoft security experts to speed up work on a solution. Kolsek reported that Microsoft might be able to deliver a "quick fix" for the moment while it works on a more stable and longer-lasting solution.
The parties did their best to keep the problem confidential. However, news of the bug leaked on August 18. On the same day, a Microsoft representative said that the company was already looking into the issue. She promised on its behalf to release additional information once the investigation is finished.
Very little has been revealed on the matter beyond what Acros disclosed in an advisory it published about the iTunes patch. It stated that the bug lets attackers run malicious code on Windows systems by getting the media player to open a file that sits on the same network share as a malicious DLL file. Kolsek added that there were also reports that the bug could be used to run other executable files and binaries.
While a permanent solution has not yet been reached, people should guard against the bug by blocking outbound SMB connections on ports 139 and 445, as well as WebDAV. However, Kolsek reminds people that these precautionary measures do not protect against attacks that come from within the local network itself. Big corporations or groups should be wary of this news, since the compromise of a single computer might lead to the compromise of all their computers, especially knowing that the external firewall cannot stop such attacks.
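
Since the firewall measure above does not cover the local network, module loads from network paths are worth watching for on the hosts themselves. The following is an added example, not part of the original article or of Acros's work: a Python check that flags a process loading a module from an SMB or WebDAV path outside its own folder. The `Image`/`ImageLoaded` field names follow Sysmon's image-load event, while the `|`-separated record format, the function names and all sample paths are assumptions constructed for illustration.

```python
import re

# Constructed sample records ("Image | ImageLoaded"); every path is made up.
SAMPLE_LOG = r"""
Image=C:\Program Files\Player\player.exe | ImageLoaded=C:\Windows\System32\version.dll
Image=C:\Program Files\Player\player.exe | ImageLoaded=\\fileserver\media\codec.dll
Image=C:\Program Files\Viewer\viewer.exe | ImageLoaded=\\files.example.test@SSL\DavWWWRoot\docs\helper.dll
Image=C:\Program Files\Viewer\viewer.exe | ImageLoaded=\\?\UNC\fileserver\docs\plugin.dll
Image=C:\Program Files\Viewer\viewer.exe | ImageLoaded=\\?\C:\Program Files\Viewer\ui.dll
Image=\\fileserver\apps\tool.exe | ImageLoaded=\\fileserver\apps\tool.dll
"""

def network_origin(path):
    """Return (kind, host) if path is on a network share, else None."""
    p = path.strip()
    if p.upper().startswith("\\\\?\\UNC\\"):        # extended-length UNC form
        p = "\\\\" + p[8:]
    elif p.startswith(("\\\\?\\", "\\\\.\\")):      # extended-length local / device path
        return None
    m = re.match(r"\\\\([^\\]+)\\([^\\]+)", p)
    if not m:
        return None                                 # drive-letter or relative path
    host, share = m.groups()
    # Windows exposes WebDAV as \\host@SSL\DavWWWRoot\... or \\host\DavWWWRoot\...
    webdav = "@" in host or share.lower() == "davwwwroot"
    return ("webdav" if webdav else "smb", host.split("@")[0])

def parse(line):
    fields = dict(f.strip().split("=", 1) for f in line.split("|"))
    return fields["Image"], fields["ImageLoaded"]

def find_remote_module_loads(log_text):
    """Flag processes that loaded a module from a share other than their own folder."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        image, loaded = parse(line)
        origin = network_origin(loaded)
        if origin is None:
            continue
        # A module sitting next to the executable is the normal application-directory load.
        if loaded.rsplit("\\", 1)[0].lower() == image.rsplit("\\", 1)[0].lower():
            continue
        findings.append({"image": image, "module": loaded, "kind": origin[0], "host": origin[1]})
    return findings

if __name__ == "__main__":
    for f in find_remote_module_loads(SAMPLE_LOG):
        print(f"{f['kind']:6} {f['host']:20} {f['image']} -> {f['module']}")
```

Paths on a share mapped to a drive letter are treated as local by this check, so it covers only direct UNC and WebDAV loads.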