Flaws Abound in Microsoft Windows Security Advisories - Architecture

Visual Studio 2010!

	DevSource RSS FEEDS
	Want an easy way to keep up with breaking tech news? And the Get DevSource headlines delivered to your desktop with RSS.

DevSource.com: Your Source for Visual Studio on Facebook

Flaws Abound in Microsoft Windows Security Advisories

By DevSource
2010-07-21

Article Rating:

/ 0

Rate This Article:

Add This Article To:

Security researchers are expressing concern that Microsoft's security advisory about a Windows vulnerability is misleading, as users do not need to click on malicious icons in order to trigger malware exploiting the flaw, which, according to all sides, has already been the subject of attacks.

To read this article in its entirety, please visit eWeek: Microsoft Windows Security Advisory Flawed, Pros Say

Some security pros are taking issue with Microsoft's advisory on a zero-day vulnerability one researcher referred to as "simple to exploit."

The vulnerability lies in the Windows Shell component. While Microsoft asserted in its advisory July 16 that the result of the vulnerability is that "malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut," security researchers are stressing that it is not necessary for users to click on an icon.

"All you do is open a device/network share/WebDav point that has the shortcut, and boom! It runs whatever you tell it to," said Sophos Senior Security Advisor Chester Wisniewski. "It is downright simple to exploit. Any criminal with the most basic of skills can take advantage of this flaw. We have not seen much activity in the wild yet, but now that a proof of concept is posted it is likely to become a major issue as the week rolls on."

	Discuss Flaws Abound in Microsoft Windows Security Advisories

	>>> Be the FIRST to comment on this article!



	>>> More Microsoft Architecture Articles >>> More By DevSource

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Contact us \| Advertise \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Center Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch TechDirect
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 11