Feeds

Researcher: Code-execution bug affects 200 Windows apps

Ain't no cure for binary-planting blues

Choosing a cloud hosting partner with confidence

About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files for the Microsoft operating system, a security researcher said Thursday.

The critical vulnerability, which has already been patched in Apple's iTunes media player for Windows and VMware Tools, will be especially challenging to fix, because each application will ultimately need to receive its own patch, Mitja Kolsek, CEO of application security consultancy Acros Security, told The Register. He agreed with fellow researcher H D Moore, who on Wednesday said the critical vulnerability is trivial to exploit.

At the time, Moore estimated 40 programs were vulnerable, but security experts from Slovenia-based Acros have found that about 200 of the 220 applications they've tested so far suffer from what they're calling the binary-planting bug. They have yet to complete their inquiry.

“We are expecting that there should be many more,” Kolsek said. “We were just looking for those vulnerabilities that were exploitable in terms of the user double-clicking a document or doing a couple of things with the menu.”

Acros researchers alerted Microsoft to the vulnerability about four months ago and have been working with members of its security team since then to coordinate a fix with the many affected parties. They had been working in secret until Wednesday, when word of the bug first leaked out, he said. He said Microsoft may be able to release some sort of temporary fix while something more permanent is pending.

On Wednesday evening, a Microsoft spokeswoman said the company was investigating the report and would release more details when the inquiry was completed. This article will be updated if Microsoft has anything new to say.

The only other software known to be affected is one or more components in Windows. Both Moore and Kolsek have declined to provide further details, except for a Twitter from post from Moore that said the vulnerability may been reported, in part, 10 years ago. Moore also tweeted that additional information would come on Monday.

So far, what's known about the vulnerability comes mostly from an advisory Acros issued for the iTunes patch. The bug allows attackers to execute malicious code on Windows machines by getting the media player to open a file located on the same network share as a maliciously designed DLL file, it said. In some cases, the bugs can be exploited to execute EXE files and other types of binaries, as well, Kolsek said.

Until a fix is in place users can lessen their exposure by blocking outbound SMB connections on ports 445 and 139 and on WebDAV, but Kolsek reiterated that will do nothing to prevent attacks that originate on local networks, and that can be a problem in large organizations, where compromises of one machine can be used as a jumping-off point to infect other PCs or workstations.

“To own a single computer inside a network is very easy,” he said. “This type of vulnerability would make it really easy to get from this computer to owning some more interesting computers, for example, those belonging to admins. The external firewall would obviously not stop that.” ®

This article was updated to correct the spelling of Mitja Kolsek's name.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.