ITS ADVISORY NUMBER:
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (MS12-081)
A vulnerability has been discovered in Windows that could allow for remote code execution. This vulnerability could be exploited by creating a specially crafted file or folder that is located on the local system, network share, or downloaded from an external source. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
A remote code execution vulnerability exists in the way that Microsoft Windows parses file names. A specially crafted file or folder, upon enumeration, could corrupt memory in such a way that allows an attacker to load arbitrary code and execute it within the privilege context of the current logged in user.
An attacker could exploit the vulnerability in the following scenarios:
- An attacker could store a specially named file or folder on a network share, UNC path, WebDav directory and encourage a user to visit that directory.
- An attacker could e-mail a specially named file as an attachment to a user and encourage them to browse to that attachment's location.
- An attacker could host a specially crafted file on a website and encourage a user to download that file and browse to its location on the file system.
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
- Remind users not to download or open files from un-trusted websites.
- Cyber Security Home
- Incident Reporting
- Breach Notification
- Cyber Advisories
- NYS Digital Forensics
- Cyber Tips Newsletter
- Keeping Kids Safe Online
- Local Government
- Policies and Resources
- NY-ISAC Secure Portal