
Shortcut Parsing Glitch Used by Equation Group Re-Patched by Microsoft


Jasper_The_Rasper
Moderator
By Ionut Ilascu    11 Mar 2015
 
Security update corrects the way DLL files are handled
 
Microsoft botched the initial fix for the LNK parsing vulnerability in 2010, a glitch that had been used for cyber-espionage purposes by the state-sponsored Equation group since at least 2008.
 
In August 2010, Microsoft issued a patch for CVE-2010-2568, a vulnerability that allows an attacker to gain a foothold on a targeted machine when the victim simply opens a folder with malformed shortcut files (LNK), a USB drive being the initial infection vector.
 
The security flaw came to light earlier that year, when security researchers at Belarusian antivirus company VirusBlokAda discovered Stuxnet, the malware created to target Siemens SIMATIC Step 7 or SIMATIC WinCC software used in industrial control systems (ICS).
 
http://i1-news.softpedia-static.com/images/news2/Shortcut-Parsing-Glitch-Used-by-Equation-Group-Re-Patched-by-Microsoft-475479-4.jpg
Top Exploits in 2014 - HP's Cyber Risk report for 2015.
 