Sunday, September 19, 2010

40 Windows Apps Contain Critical Bug

Last week it was announced that 40 different Windows apps contain a bug that could be used to hijack PCs and infect them with malware. Computerworld reports that security researcher HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit, has been the one blowing the horn on these vulnerabilities. It was first found about four months ago when Apple patched it in the Windows version of iTunes. The same bug remains in more than three dozen different apps, according to Moore, who wouldn’t reveal the specifics of which programs are affected.

Each program will have to be patched separately by their respective application developers. Moore found the bug when he was researching the Windows shortcut bug that was recently patched on August 2. He says about the vulnerability,

The vector is slightly different between applications, but the end result is an attacker-supplied .dll being loaded after the user opens a ’safe’ file type from a network share

View the Original article

No comments:

Post a Comment