funsec mailing list archives

Microsoft LNK exploit


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Tue, 20 Jul 2010 15:21:11 -0800

The recently discovered LNK exploit, using the way Microsoft parses link or 
shortcut icons for display in order to get something else executed, may be a 
tempest in a teapot.  It is technically sophisticated, but so far we don't appear to 
have seen it used widely.

Probably a good thing.

This exploit could be used in a wide variety of ways.  You can use it in removable 
media, so that any time you shove a CD in a drive, or connect a USB stick/thumb 
drive (or any other USB device, for that matter) to a computer, it results in an 
infection or some malicious payload.
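The defender's counterpart to the removable-media scenario above is to look at the shortcuts on a mounted drive before Explorer renders them. The script below is an added example, not part of Rob's post or of any Microsoft material: it parses the public Shell Link (.LNK) binary layout (fixed header, optional item ID list and LinkInfo, then the StringData fields), pulls out the icon location, and reports shortcuts whose icon is loaded from a library outside the Windows directory or from a relative/UNC path. The allow-list of normal icon sources, the "suspicious" criteria and the three sample .lnk blobs are all constructed assumptions for illustration; the samples are built with a small helper rather than copied from any real file.

```python
import os
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# StringData fields appear in this fixed order, each present only if its flag is set
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_REL_PATH),
                 ("working_dir", HAS_WORK_DIR), ("arguments", HAS_ARGS),
                 ("icon_location", HAS_ICON))
# Locations a shortcut icon is normally loaded from (assumed allow-list for this triage)
SYSTEM_PREFIXES = ("%systemroot%", "%windir%", "c:\\windows\\", "c:\\program files")


def parse_lnk(data: bytes) -> dict:
    """Read the ShellLinkHeader, step over the IDList and LinkInfo, and return the StringData."""
    if len(data) < 0x4C:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = header_size
    info = {"flags": flags, "has_id_list": bool(flags & HAS_ID_LIST)}
    if flags & HAS_ID_LIST:                    # IDListSize (2 bytes) followed by the IDList
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                  # LinkInfoSize counts itself
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    unicode = bool(flags & IS_UNICODE)
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            info[field] = None
            continue
        (count,) = struct.unpack_from("<H", data, pos)   # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        info[field] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return info


def icon_risk(info: dict) -> list:
    """Heuristic reasons (assumed criteria) a shortcut's icon source deserves analyst review."""
    reasons = []
    icon = info.get("icon_location")
    if not icon:
        return reasons
    low = icon.lower()
    if low.endswith((".dll", ".cpl")) and not low.startswith(SYSTEM_PREFIXES):
        reasons.append("icon loaded from a library outside the Windows directory: " + icon)
    is_abs = (len(low) > 1 and low[1] == ":") or low.startswith("%")
    if not is_abs:
        reasons.append("icon path is relative or UNC rather than a local absolute path: " + icon)
    return reasons


def scan_dir(root: str) -> dict:
    """Map each .lnk under root (e.g. a mounted removable drive) to its review reasons."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    try:
                        findings[path] = icon_risk(parse_lnk(fh.read()))
                    except ValueError as exc:
                        findings[path] = ["unparseable: " + str(exc)]
    return findings


def build_lnk(flags: int, strings: dict, id_list: bytes = b"") -> bytes:
    """Construct a minimal .lnk for testing (constructed sample, not a real shortcut)."""
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    if flags & HAS_ID_LIST:
        body += struct.pack("<H", len(id_list)) + id_list
    for field, bit in STRING_FIELDS:
        if flags & bit:
            text = strings[field]
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: one ordinary shortcut, two whose icon source warrants review
BENIGN_LNK = build_lnk(HAS_REL_PATH | HAS_ICON | IS_UNICODE,
                       {"relative_path": ".\\notes.txt",
                        "icon_location": "%SystemRoot%\\system32\\shell32.dll"})
LIBRARY_LNK = build_lnk(HAS_ID_LIST | HAS_ICON | IS_UNICODE,
                        {"icon_location": "E:\\tools\\helper.dll"},
                        id_list=b"\x04\x00\x1f\x50" + b"\x00\x00")  # one dummy ItemID + TerminalID
RELATIVE_LNK = build_lnk(HAS_ICON | IS_UNICODE, {"icon_location": ".\\icons\\app.cpl"})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("library", LIBRARY_LNK), ("relative", RELATIVE_LNK)):
        print(label, icon_risk(parse_lnk(blob)) or ["no icon concerns"])
```

Point `scan_dir()` at the mount point of a drive to get a per-file list of reasons; an empty list means the icon source looked ordinary under these criteria, not that the file is safe, since the item ID list is skipped rather than interpreted. Parsing is done with the drive mounted read-only and without opening the folder in Explorer, because rendering the icons is exactly the step the post describes as the trigger.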

And remember that OLE stands for object *LINKING* and embedding.  Since it is 
trivially easy to embed a virus in any Windows OLE format data file, it should be 
just as easy to create malicious links in any such files.

Microsoft's own information on the issue 
(http://www.microsoft.com/technet/security/advisory/2286198.mspx) seems to 
indicate that there is a related, but separate, issue with Microsoft Office 
components, related to Web based activities.  (By the way, when accessing that 
site, the information about how to protect against the exploit is hidden under the 
"Workarounds" link, rather than being explicit on the page.)

Some of the potential effects are discussed by Randy Abrams at 
http://blog.eset.com/2010/07/19/it-wasn%E2%80%99t-an-army


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
     He who praises everybody, praises nobody.      - Samuel Johnson
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.