Critical Vulnerability in Microsoft Windows Shell
GSA Reference Number: AD100719-01
Simply Put: Microsoft has released an advisory for a code execution vulnerability in Microsoft Windows Shell. This vulnerability affects Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. This vulnerability can be exploited if a user opens a USB device or network share with a maliciously crafted shortcut file (.lnk). Microsoft has also been alerted to attacks using this exploit code. Gladiator recommends that users apply workarounds recommended by Microsoft as soon as possible. No patch has been released as of yet.
July Microsoft Patch Tuesday
Microsoft has announced 4 new patches today to fix vulnerabilities that could allow remote code execution, elevation of privileges and tampering. Three patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office. One patch is rated Important by Microsoft and affects Microsoft Outlook. Gladiator recommends that users with impacted systems apply all Critical patches immediately. Detailed information for the patches can be found in Microsoft’s July Security Bulletin. Summary information is included below:
Domain Registrar Scam
Gladiator has received reports that an old email scam regarding domain registry has resurfaced, and the number of scam-related emails sent to website owners has picked up greatly. The scammers send a deceptive email to a user at the organization, usually the person whose name is listed as registering the website or the CEO of the organization, if this information is listed on the public-facing website. The email states that the organization’s domain registration is going to expire in Asia, and directs the organization to send money to a domain registrar in order to keep others from buying the domain space. (A perfect example of one of these scam emails can be seen by clicking here.) Most of the scam email examples that Gladiator has seen have been sourced from China or other nations in Asia. These scammers are instilling fear in the unsuspecting user by suggesting that his organization may lose its domain space (.com address) unless he acts as they direct.
Gladiator Research and Security
This site is here to provide security-related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often, so be sure to check back weekly.