Feeds

Researcher: Code-execution bug affects 200 Windows apps

Ain't no cure for binary-planting blues

High performance access to file storage

About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files for the Microsoft operating system, a security researcher said Thursday.

The critical vulnerability, which has already been patched in Apple's iTunes media player for Windows and VMware Tools, will be especially challenging to fix, because each application will ultimately need to receive its own patch, Mitja Kolsek, CEO of application security consultancy Acros Security, told The Register. He agreed with fellow researcher H D Moore, who on Wednesday said the critical vulnerability is trivial to exploit.

At the time, Moore estimated 40 programs were vulnerable, but security experts from Slovenia-based Acros have found that about 200 of the 220 applications they've tested so far suffer from what they're calling the binary-planting bug. They have yet to complete their inquiry.

“We are expecting that there should be many more,” Kolsek said. “We were just looking for those vulnerabilities that were exploitable in terms of the user double-clicking a document or doing a couple of things with the menu.”

Acros researchers alerted Microsoft to the vulnerability about four months ago and have been working with members of its security team since then to coordinate a fix with the many affected parties. They had been working in secret until Wednesday, when word of the bug first leaked out, he said. He said Microsoft may be able to release some sort of temporary fix while something more permanent is pending.

On Wednesday evening, a Microsoft spokeswoman said the company was investigating the report and would release more details when the inquiry was completed. This article will be updated if Microsoft has anything new to say.

The only other software known to be affected is one or more components in Windows. Both Moore and Kolsek have declined to provide further details, except for a Twitter from post from Moore that said the vulnerability may been reported, in part, 10 years ago. Moore also tweeted that additional information would come on Monday.

So far, what's known about the vulnerability comes mostly from an advisory Acros issued for the iTunes patch. The bug allows attackers to execute malicious code on Windows machines by getting the media player to open a file located on the same network share as a maliciously designed DLL file, it said. In some cases, the bugs can be exploited to execute EXE files and other types of binaries, as well, Kolsek said.

Until a fix is in place users can lessen their exposure by blocking outbound SMB connections on ports 445 and 139 and on WebDAV, but Kolsek reiterated that will do nothing to prevent attacks that originate on local networks, and that can be a problem in large organizations, where compromises of one machine can be used as a jumping-off point to infect other PCs or workstations.

“To own a single computer inside a network is very easy,” he said. “This type of vulnerability would make it really easy to get from this computer to owning some more interesting computers, for example, those belonging to admins. The external firewall would obviously not stop that.” ®

This article was updated to correct the spelling of Mitja Kolsek's name.

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.