Yesterday Microsoft issued a security update for the Windows Address Book binary planting vulnerability, which was used in our Online Binary Planting Exposure Test. Since the launch of this online test, thousands of Windows users worldwide have used it to check their exposure to Internet-based binary planting attacks, and we're happy to see people using it for testing their countermeasures.
Obviously, Microsoft's security update broke our online test. While it could still be used for verifying the effectiveness of this particular Microsoft update, it could no longer serve its original purpose.
We thus extended our online test with two additional unfixed vulnerabilities, one for Windows XP and one for Windows Vista and Windows 7, which allow users to continue testing their computers for exposure to Internet-based binary planting attacks.
For Windows XP, we chose a publicly disclosed binary planting vulnerability in Program Manager Group Converter. Like the now-fixed Windows Address Book vulnerability, this one is triggered by double-clicking on a GRP file.
For Windows Vista and Windows 7, our online test exploits a binary planting vulnerability in Windows Media Player 11 and 12, triggered by opening an MPG file. Its exploitability in a real-world attack is limited: Windows Media Player correctly sets its current working directory to a safe location upon startup, so simply double-clicking an MPG file in Windows Explorer will not load the malicious DLL from the attacker's location. It is perfect for our test though, as all Windows Vista and Windows 7 systems have Windows Media Player installed, and our tests are not exploit demonstrations but rather a tool for determining one's exposure to a particular type of attack.
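The effect of a safe current working directory can be modelled in a few lines. This is an added example, not code from the original post or from the online test: it simulates a simplified form of the documented Windows safe DLL search order (application directory, system directory, Windows directory, current working directory, PATH) over constructed temporary folders, and the folder names and `missing.dll` are made up for illustration.

```python
import os
import tempfile

def dll_search_order(app_dir, system_dir, windows_dir, cwd, path_dirs=()):
    """Simplified safe DLL search order for an unqualified library name."""
    return [app_dir, system_dir, windows_dir, cwd, *path_dirs]

def resolve_dll(name, order):
    """Return the first directory in the search order that holds `name`."""
    for directory in order:
        if os.path.isfile(os.path.join(directory, name)):
            return directory
    return None

def simulate(cwd_is_document_folder, dll_in_system_dir=False):
    """Model an application opening a document from a folder that also
    contains a planted copy of a DLL the application loads by bare name.
    Returns the name of the folder the DLL resolves from, or None."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed folders standing in for real locations.
        dirs = {n: os.path.join(root, n)
                for n in ("app", "system32", "windows", "share", "safe")}
        for d in dirs.values():
            os.makedirs(d)
        # The planted library sits next to the document on the remote share.
        open(os.path.join(dirs["share"], "missing.dll"), "w").close()
        if dll_in_system_dir:
            # A legitimate copy earlier in the order shadows the planted one.
            open(os.path.join(dirs["system32"], "missing.dll"), "w").close()
        # Many applications inherit the document's folder as their working
        # directory; a careful one switches to a safe location at startup.
        cwd = dirs["share"] if cwd_is_document_folder else dirs["safe"]
        order = dll_search_order(dirs["app"], dirs["system32"],
                                 dirs["windows"], cwd)
        found = resolve_dll("missing.dll", order)
        return os.path.basename(found) if found else None

if __name__ == "__main__":
    print("cwd = document folder:", simulate(True))
    print("cwd = safe location:  ", simulate(False))
    print("DLL present in system:", simulate(True, dll_in_system_dir=True))
```

The planted copy is only reached when the library is absent from every earlier directory and the working directory is the document's folder, which is why an application that resets its working directory at startup is not exposed through a plain double-click.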
We welcome everyone to use our free online test both for verifying the effectiveness of Microsoft's security update and for determining whether it is possible for an external attacker to exploit binary planting vulnerabilities on your computers. Do the Online Binary Planting Exposure Test now!
Wednesday, December 15, 2010