[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Downloads Folder: A Binary Planting Minefield
- To: <security@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <cert@xxxxxxxx>
- Subject: Re: [Full-disclosure] Downloads Folder: A Binary Planting Minefield
- From: Kurt Dillard <kurtdillard@xxxxxxx>
- Date: Mon, 20 Feb 2012 13:50:01 -0300
Mitja,
The #1 item on your list of countermeasures should be to advise people to
not run with admin privileges in general and especially when surfing the
web. Your #5 item seems risky to me because the executable won't be updated
if Microsoft issues a patch.
Regards,
Kurt
-----Original Message-----
From: ACROS Security Lists [mailto:lists@xxxxxxxx]
Sent: Friday, February 17, 2012 1:33 PM
To: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx;
cert@xxxxxxxx
Subject: Downloads Folder: A Binary Planting Minefield
This blog post reveals a bit of our research and provides an advance
notification of a largely unknown remote exploit technique on Windows. More
importantly, it provides instructions for protecting your computers from
this technique while waiting for the affected software to correct its
behavior.
http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html
or
http://bit.ly/wmq00a
Enjoy the reading!
Mitja Kolsek, CEO / @mkolsek
ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia Tel +386.2.3000.280 Fax
+386.2.3000.282 Web http://www.acrossecurity.com Blg
http://blog.acrossecurity.com Twt @acrossecurity
ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/