Attacker can command from remote site and can acquire root permission.
* Reference sites http://www.microsoft.com/technet/security/advisory/2490606.mspx
http://nakedsecurity.sophos.com/2011/01/05/zero-day-windows-exploit/
http://www.f-secure.com/weblog/archives/00002081.html
http://nakedsecurity.sophos.com/2011/01/05/zero-day-windows-exploit/
http://www.f-secure.com/weblog/archives/00002081.html
2. Vulnerability details and prevention
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
Attacker can execute certain code with Windows Graphics Rendering vulnerability and can see, modify, delete data.
Besides, this vulnerability has been figured out by Moti Joseph and Xu Hao on POC 2010 conference and can occur while modifying thumbnail image.
* Thumbnail image
Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. In the age of digital images, visual search engines and image-organizing programs normally use thumbnails, as do most modern operating systems or desktop environments, such as Microsoft Windows, Mac OS X, KDE, and GNOME
Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. In the age of digital images, visual search engines and image-organizing programs normally use thumbnails, as do most modern operating systems or desktop environments, such as Microsoft Windows, Mac OS X, KDE, and GNOME
[Affected Softwares]
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
[Unaffected Softwares]
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
[Temporary solution]
Before releasing security patch for this vulnerability, user can avoid damage with modifying command on following file.
Modifying Access Control List(ACL) of shimgvw.dll on CMD will help user to avoid damage.
Windows XP and Windows Server 2003 (32bit):
- Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N
Windows XP and Windows Server 2003 (64bit):
- Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N
- Echo y| cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /P everyone:N
Windows Vista and Windows Server 2008 (32bit):
- takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
- icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL.TXT
- icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)
Windows Vista and Windows Server 2008 (64bit):
- takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
- takeown /f %WINDIR%\SYSWOW64\SHIMGVW.DLL
- icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL32.TXT
- icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL64.TXT
- icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)
- icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /deny everyone:(F)
However, it can occur error on playing media file.
[Recover process to apply security patch]
For user who already followed the process above, user have to recover before applying official security.
Windows XP and Windows Server 2003 (32bit):
- cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone
Windows XP and Windows Server 2003 (64bit):
- cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone
- cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /R everyone
Windows Vista and Windows Server 2008 (32bit):
- icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL.TXT
Windows Vista and Windows Server 2008 (64bit):
- icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL32.TXT
- icacls %WINDIR%\SYSWOW64 /restore %TEMP%\SHIMGVW_ACL64.TXT
[Microsoft Fix it]
MS distributes "Fixit" on following URL.
- Download Fixit
- http://support.microsoft.com/kb/2490606
- http://support.microsoft.com/kb/2490606
To use PC safely from security threats of this vulnerability, we recommend following "Security management tips" for general users.
Love your blog man. Thanks for this stuff.
ReplyDeletehttps://tweakbox-app.com/download
https://tweakbox-app.org/download
https://gameguardianapp.com
The news you share is very attractive. I love reading your posts, I will regularly read your blog.
Deleteدانلود آهنگ جدید
These resume tips tips were tested by time, and they worked in most cases!
ReplyDeleteIn case of any further problems or questions, you may count on professional help from our academic & business team of writers that can write a brilliant resume!
Taruhan bola di sbobet88 sangat mudah dengan fitur yang lengkap dan juga menjadi bandar bola paling populer di Asia.
ReplyDeleteSeluruh bursa taruhan pertandingan dari berbagai turnamen olahraga di seluruh penjuru dunia bisa anda temukan di sbobet88.
sbobet88 merupakan situs judi taruhan bola online yang paling didetail dan lengkap yang sangat disukai bahkan diminati oleh banyak penggemar judi online.
Taruhan sbobet88 merupakan bandar bola yang paling digemari saat ini, apalagi dengan event-event olahraga seperti Liga besar eropa, liga champion, piala dunia, piala eropa dan banyak lagi.
Untuk bisa bermain judi sepak bola online terbaik sbobet88 anda harus memiliki akun asli yang bisa didapatkan dengan sangat mudah dan cepat melalui agen resmi.
arenabet168 situs agen idn poker
ReplyDeletesitus resmi idn poker online
cara daftar idn poker
form daftar poker idn
deposit idn poker online
Do you have an insight where to acquire Medical Writing Services? Hire a Medical Assignment Help Writer for all your Medical Assignment Writing Services.
ReplyDeleteceme online terpercaya 2020
ReplyDeleteدانلود آهنگ های بهنام بانی
ReplyDeleteدانلود تمام آهنگ های فرزاد فرزین
دانلود آهنگ جدید
Purchase biology research paper help services and biology coursework writing services since students find help when they visit Biology Essay Writing Services.
ReplyDeleteFinding the best history coursework writing services and History Essay Writing Services is not easy unless one is keen to establish a reliable history assignment writing service provider & history research paper writing service.
ReplyDelete