Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Downloads Folder: A Binary Planting Minefield

From: Kurt Dillard <kurtdillard () msn com>
Date: Mon, 20 Feb 2012 13:50:01 -0300
Mitja,
The #1 item on your list of countermeasures should be to advise people to
not run with admin privileges in general and especially when surfing the
web. Your #5 item seems risky to me because the executable won't be updated
if Microsoft issues a patch.

Regards,

Kurt

-----Original Message-----
From: ACROS Security Lists [mailto:lists () acros si] 
Sent: Friday, February 17, 2012 1:33 PM
To: bugtraq () securityfocus com; full-disclosure () lists grok org uk;
cert () cert org
Subject: Downloads Folder: A Binary Planting Minefield


This blog post reveals a bit of our research and provides an advance
notification of a largely unknown remote exploit technique on Windows. More
importantly, it provides instructions for protecting your computers from
this technique while waiting for the affected software to correct its
behavior.

http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html

or

http://bit.ly/wmq00a

Enjoy the reading!


Mitja Kolsek, CEO / @mkolsek

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia Tel +386.2.3000.280  Fax
+386.2.3000.282 Web http://www.acrossecurity.com Blg
http://blog.acrossecurity.com Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: