40 Windows Apps Feature Critical Vulnerabilities
For users of Windows and its associated applications, the news is not good this morning.
Noted Internet security researcher HD Moore, of Rapid 7, reported Wednesday that 40 different Windows applications have serious security vulnerability.
The vulnerabilities are, according to Moore, similar to one found in Apple’s iTunes for Windows. Apple has patched the vulnerability in that program.
According to Apple, iTunes running on Macs are not vulnerable.
The vulnerabilities were hinted at it in a security bulletin posted by the Slovenian firm, Acros.
The Acros bulletin does not identify the applications that are vulnerable though, according to Moore, there are roughly 40 of them, including the Windows Shell.
These Internet security vulnerabilities leave Windows users open to malicious attacks. At this point, these vulnerabilities seem to have a great deal in common with the Windows shortcut vulnerability that Microsoft issued an emergency patch for earlier this month.
That vulnerability left users open to drive-by attacks simply by surfing the web.
Moore and Acros did not release any information on specific applications that are vulnerable, citing the possibility of increased exploitation. Microsoft as only said that it is looking into the report.
Moore did offer two possible measures users could take to improve their level of protection against these attacks:
- Block outbound SMB connections on ports 445 and 139
- Disable the Windows WebDAV client
Moore cautioned though that these work-arounds would only protect users from Internet based attacks.
Users would remain vulnerable to attacks on LANs and from files planted or embedded on network share points.
These vulnerabilities, unlike the Windows shortcut, may be more difficult to patch. With so many applications involved, each individual application vendor would have to issue a patch for its particular product.
That, unfortunately, could take months, leaving users open to exploitation in the meantime.
About RESCUECOM:
RESCUECOM provides computer repair and computer support, 24/7: Meeting every tech support need including data recovery, virus removal, networking, wireless services, and computer support for all brands of hardware and software. For computer support or information on products, services, or computer repair, visit https://www.rescuecom.com or call 1-800-RESCUE-PC.
For More Information, Contact:
David Milman, CEO
315-882-1100
david@rescuecom.com
Filed under: apple, Computer Support, Internet, Internet Security, Malware, Microsoft, networks, news, security, virus