diTii.com Digital News Hub



40 Windows apps affected by critical bug, “Single Patch Won’t Fix,” says researcher

HD Moore of Rapid7, creator of the open-source Metasploit penetration-testing toolkit, revealed that “About 40 different Windows apps contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware.” The flaw was originally discovered in iTunes for Windows and was patched by Apple four months ago with iTunes 9.1.

“He said a wide range of apps are affected, and it was found while looking into another flaw involving Windows shortcuts, which Microsoft patched in an emergency update. The flaw exists in how the programs handle malformed DLLs. While the methods to trigger the hole differ slightly from app to app, execution causes the hole to open, which allows a hacker to execute arbitrary code and/or install malware on the infected machine.”

To fix the problem, Moore said, “each app would have to be patched on its own.” Users concerned about this vulnerability should block outbound TCP ports 139 and 445 and disable the WebDAV client.
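
The workaround above, applied on a single host and then verified. This is an added example, not code from the article, Moore, or Rapid7. It assumes a current Windows release with the built-in NetSecurity cmdlets and an elevated PowerShell session; the rule name and the function names are labels chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: host-level form of the workaround described in the article.
# $RuleName is an arbitrary display name chosen for this example.
$RuleName = 'Block outbound SMB/NetBIOS (TCP 139,445)'

function Set-OutboundSmbBlock {
    # Create the block rule only if it is missing, so re-running is harmless.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
            -Protocol TCP -RemotePort 139,445 -Action Block -Profile Any | Out-Null
    } else {
        # Rule exists but may have been switched off; turn it back on.
        $rule | Enable-NetFirewallRule
    }
}

function Disable-WebDavClient {
    # The Windows WebDAV client runs as the "WebClient" service.
    # It may not be installed (for example on many server builds).
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) { return }
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name WebClient -Force }
    # Disabled start type also stops the service from being trigger-started.
    Set-Service -Name WebClient -StartupType Disabled
}

function Get-MitigationStatus {
    # Report the state of both halves of the workaround for auditing.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    [pscustomobject]@{
        SmbRuleEnabled     = [bool]($rule -and $rule.Enabled -eq 'True')
        WebClientState     = if ($svc) { $svc.State }     else { 'NotInstalled' }
        WebClientStartMode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
    }
}

Set-OutboundSmbBlock
Disable-WebDavClient
Get-MitigationStatus | Format-List
```

A host-level block on outbound TCP 445 also cuts that machine off from legitimate file shares, so check the impact before deploying it widely.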

