Re: Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files

[Mike Cramer <mike.cramer () outlook com>]

Not necessarily, I’m just restating what is mentioned on the mitre post, which I feel can be a bit misleading.

 

There are lots of “what if” scenarios involved in exploitation of this vulnerability. And while I agree with you, the 
ultimate fix to all of these problems is to execute only signed executables and libraries and only when the system has 
Secure Boot enabled with a TPM.

 

Obviously extending this solution down to the library and executable level is far from ideal on general purpose 
computing.

 

So where do you draw the line?

 

I draw the line at “not likely to happen”, “in the most widespread cases already requires elevated privilege to use”, 
and also importantly, “incredibly easy to find by forensics groups assuming no other persistent hooks of the underlying 
kernel.”

 

-Mike

 

From: Brandon Perry [mailto:bperry.volatile () gmail com] 
Sent: Wednesday, April 30, 2014 19:28
To: Mike Cramer
Cc: Alton Blom; fulldisclosure () seclists org; Stefan Kanthak
Subject: Re: [FD] Beginners error: iTunes for Windows runs rogue program C:\Program.exe when opening associated files

 

 

The practice of creating persistent services from temp directories is
"generally avoided". I see what you're saying, but the use case which you
mentioned is an extremely long shot scenario. While possible, it's not
likely going to happen.

 

 

So you're definition of vulnerability relies on likelihood. Gotcha.

 

Don't confuse risk with being vulnerable.



 

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website 


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/