Metasploit Module Released for Latest Windows 0-day

 

The folks over at the Metasploit Framework have released a working exploit module that takes advantage of the much-talked-about vulnerability in the Windows Shell.

This module proves this vulnerability is not limited to being exploited via thumb drives or email attachments. 

Microsoft has no patch available as of yet; however, they offer some ugly workarounds: disable the display of .lnk and .pif files, block .lnk and .pif files at your network’s perimeter, or disable WebDAV…

FYI: Disabling WebDAV wreaks havoc in some SharePoint instances.

The browser exploit module uses WebDAV to host a .lnk file and malicious dll.  No click necessary!  After the target browses to a malicious site, assuming WebDAV is enabled, up pops a window containing the two files and your msf payload is deployed.  McAfee 8.7.0i was mum to the exploit, even though a source at McAfee has stated, “Coverage for known exploits is provided in the current DAT set (6047) as Generic Dropper!dfg”.  Perhaps that’s why I got no alert: my payload wasn’t a trojan.

Regardless, this is a very good delivery method, and while the attacks using this method in the wild are targeted, I wouldn’t be surprised if more malcode were to be spread via this vector.
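
An added example, not from the original post: one way to check web proxy logs for the two things the workarounds above target, .lnk/.pif files crossing the perimeter and outbound WebDAV sessions in which one client pulls both a shortcut and a DLL from the same host. The log format, host names, sample lines and the `analyze` function are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the original post). Assumed format:
# timestamp client method url status "user-agent"
SAMPLE_LOG = """\
2010-07-20T10:01:02 10.0.0.5 GET http://intranet.example/docs/report.doc 200 "Mozilla/4.0 (compatible; MSIE 8.0)"
2010-07-20T10:02:10 10.0.0.7 PROPFIND http://files.example.net/share/ 207 "Microsoft-WebDAV-MiniRedir/6.1.7600"
2010-07-20T10:02:11 10.0.0.7 GET http://files.example.net/share/a.lnk 200 "Microsoft-WebDAV-MiniRedir/6.1.7600"
2010-07-20T10:02:12 10.0.0.7 GET http://files.example.net/share/b.dll 200 "Microsoft-WebDAV-MiniRedir/6.1.7600"
2010-07-20T10:05:00 10.0.0.9 GET http://www.example.org/tools/setup.pif 200 "Mozilla/4.0 (compatible; MSIE 7.0)"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
WEBDAV_UA = "Microsoft-WebDAV-MiniRedir"  # user agent sent by the Windows WebDAV client
SHORTCUT_EXT = (".lnk", ".pif")           # file types named in the workarounds
INTERNAL_HOSTS = {"intranet.example"}     # assumption: hosts trusted for WebDAV


def analyze(log_text):
    """Return (alerts, pairs); pairs are (client, host) with .lnk/.pif + .dll over WebDAV."""
    alerts, seen = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, method, url, _status, ua = m.groups()
        parts = urlsplit(url)
        host, path = (parts.hostname or "").lower(), parts.path.lower()
        if host in INTERNAL_HOSTS:
            continue
        is_dav = method.upper() in WEBDAV_METHODS or ua.startswith(WEBDAV_UA)
        if path.endswith(SHORTCUT_EXT):
            alerts.append((ts, client, host, "shortcut-file", path))
            if is_dav:
                seen[(client, host)].add("shortcut")
        elif is_dav and path.endswith(".dll"):
            seen[(client, host)].add("dll")
        elif is_dav and method.upper() == "PROPFIND":
            alerts.append((ts, client, host, "external-webdav", path))
    pairs = sorted(k for k, v in seen.items() if v == {"shortcut", "dll"})
    return alerts, pairs


if __name__ == "__main__":
    alerts, pairs = analyze(SAMPLE_LOG)
    print(*alerts, *pairs, sep="\n")
```

The correlated pairs are the ones to triage first, since a shortcut and a DLL served together over WebDAV match the delivery described above; a lone shortcut download only shows the perimeter block is not in place.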
