LNK and PIF (ico related) flaw

for everything else

LNK and PIF (ico related) flaw

PostPosted by JH2k » Mon Aug 02, 2010 11:14 pm

Interesting flaw just when Microsoft dropped support for Windows 2000.

http://www.microsoft.com/technet/securi ... 86198.mspx

They won't release a patch for shell32.dll for any system below Windows XP SP2.

Are you afraid ?
JH2k
 
Posts: 140
Joined: Sat Nov 29, 2008 9:23 pm

Re: LNK and PIF (ico related) flaw

PostPosted by adun » Tue Aug 03, 2010 8:16 am

There's another hole detectet just after MS drop the support for win2k. A securitiy leak in mfc42.dll for Win2k SP4 and XP SP2. For XP MS will make a patch but not for win2k. But a friend of mine is just making a mfc-patch for win2k ;)

Now it's just harder to get win2k up-to-date. All security holes detectet in winXP might be also in win2k. We must observe all the updates and when necessary backport them to win2k.
adun
 
Posts: 68
Joined: Sun Sep 20, 2009 10:49 am

Re: LNK and PIF (ico related) flaw

PostPosted by DosFreak » Tue Aug 03, 2010 1:21 pm

DosFreak
 
Posts: 237
Joined: Thu Feb 21, 2008 12:04 pm

Re: LNK and PIF (ico related) flaw

PostPosted by JH2k » Tue Aug 03, 2010 2:04 pm

In terms of dangerous, I consider this one worst than the mfc42.dll, or I mindunderstood the mfc one, but it looks is not as easy or luckily to be exploited.

Interesting workaround, Dosfreak, thanks :), use a third party dll to handle the icons for these file types. I read something similar, the one is told about sophos but I thought it was included with the full app, thats why I didn't consider it at all. I'm going to watch their video and details.
JH2k
 
Posts: 140
Joined: Sat Nov 29, 2008 9:23 pm

Re: LNK and PIF (ico related) flaw

PostPosted by OldBoy2k » Sat Aug 07, 2010 3:55 pm

adun wrote:There's another hole detectet just after MS drop the support for win2k. A securitiy leak in mfc42.dll for Win2k SP4 and XP SP2. For XP MS will make a patch but not for win2k. But a friend of mine is just making a mfc-patch for win2k ;)

Now it's just harder to get win2k up-to-date. All security holes detectet in winXP might be also in win2k. We must observe all the updates and when necessary backport them to win2k.


Great news.You have any progress news, yet?

BR
OldBoy2k
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Re: LNK and PIF (ico related) flaw

PostPosted by adun » Thu Aug 26, 2010 9:37 am

I tried to install the Sophos LNK exploit protection
It's an msi-file but theres a special lounch condition build in to avoid installation on windows 2000.
Can somebody help me and have a look at this : http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html
adun
 
Posts: 68
Joined: Sun Sep 20, 2009 10:49 am

Re: LNK and PIF (ico related) flaw

PostPosted by justjohnny » Fri Aug 27, 2010 10:06 am

adun have you tried writing to Sophos to see if they will release a win2k installer?
justjohnny
 
Posts: 217
Joined: Mon Apr 12, 2010 7:25 am

Re: LNK and PIF (ico related) flaw

PostPosted by OldBoy2k » Fri Aug 27, 2010 1:00 pm

adun wrote:I tried to install the Sophos LNK exploit protection
It's an msi-file but theres a special lounch condition build in to avoid installation on windows 2000.
Can somebody help me and have a look at this : http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html


Yeah, seems to be some new routine.Anyhow, i was able to successfully extract the msi content and it only contains two libraries.Maybe you can update the software manually.

BR
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Re: LNK and PIF (ico related) flaw

PostPosted by OldBoy2k » Fri Aug 27, 2010 5:23 pm

Got it 8)!Open the "Sophos Windows Shortcut Exploit Protection Tool.msi" with Orca and select InstallUISequence table and change action InstallConditions entry Condition=1 to 0.Save and install.Have fun.

BR
OldBoy2k
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Re: LNK and PIF (ico related) flaw

PostPosted by adun » Fri Aug 27, 2010 6:33 pm

GREAT Oldboy2k :D !!
Very nice work. I didn't find that out ;)

Thank you. Now we have a teporary fix for the LNK problem

Is there a way to test it ??
adun
 
Posts: 68
Joined: Sun Sep 20, 2009 10:49 am

Re: LNK and PIF (ico related) flaw

PostPosted by DosFreak » Sat Aug 28, 2010 1:44 am

DosFreak
 
Posts: 237
Joined: Thu Feb 21, 2008 12:04 pm


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 0 guests

cron