RE: Next generation malware: Windows Vista's gadget API

看板Bugtraq作者時間18年前 (2007/09/15 05:30), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/3 (看更多)
Yes, this is a "new" attack vector, but it is always game over anyway if I can get you to run my untrusted program. In my testing, installing any Vista sidebar gadget results in a minimum of 3 warnings, each saying that the code being installed could be harmful, before it is installed. 5 warnings if the gadget is unsigned.=20 It's something to be aware of, because malicious hackers will exploit them, and many end-users will ignore any warning, but not the most worrisome problem on my plate. Secondly, I can completely control the install of any gadgets in my environment using Active Directory group policies to a granular level. Roger ******************************************************************* *Roger A. Grimes, Senior Security Consultant *Microsoft Application Consulting and Engineering (ACE) Services =20 *http://blogs.msdn.com/ace_team/default.aspx *CPA, CISSP, CISA MCSE: Security (2000/2003), CEH, yada...yada... *email: roger@banneretcs.com or rogrim@microsoft.com *Author of Windows Vista Security: Security Vista Against Malicious Attacks (Wiley) *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470 101555 ******************************************************************* -----Original Message----- From: Tim Brown [mailto:tmb@65535.com]=20 Sent: Thursday, September 13, 2007 5:17 AM To: vuln-dev@securityfocus.com; webappsec@securityfocus.com; full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com; news@securiteam.com Subject: Next generation malware: Windows Vista's gadget API A paper has just been released on the Windows Vista's gadget API. The abstract is as follows: Windows has had the ability to embed HTML into it's user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with Windows Vista. This paper seeks to inform system administrators, users and the wider community on both potential attack vectors using gadgets and the mitigations provided by Windows Vista. The full paper can be found at http://www.portcullis-security.com/165.php. Cheers, Tim -- Tim Brown <mailto:tmb@65535.com>
更多 roger. 的文章
文章代碼(AID): #16wlry00 (Bugtraq)
更多 roger. 的文章
文章代碼(AID): #16wlry00 (Bugtraq)