Uggghh. I should have known better, but there I was, staring at a bright-red screen in my Google Chrome tab that was trying to impress upon me—as much as a software browser could sans digital kick to the butt—that the popular tech news site I was about to visit was riddled with some kind of malware.
“Impossible,” I thought to myself. “There’s no way that this, a common site I frequent on a near-daily basis, could have anything to do with nefarious crap trying to install itself on my PC.”
Yes, the phrasing of my thoughts really does come out like that. So does my stubbornness. For rather than heed Google’s warning that the site I was about to visit was about to unleash a world of hurt on my system, I calmly told my browser that I was comfortable proceeding on my own (damnit).
I clicked the link, read my news and… was thrilled to find a new “Security Center” malware now popping up out of my taskbar about once every five minutes. Sigh. Before I could even turn to one of the many “get the heck off my system” tools that I keep installed for such measures, my entire screen went blue.
So, what do you use to clean your PC... aside from a baseball bat?
Security researcher HD Moore thought he had let the cat out of the bag when he referred to a widespread Windows vulnerability in a tweet on Wednesday. But as it turns out, Moore may have failed to fully gauge the scale of the issue, which he thought affected “about 40 different apps, including the Windows shell.” Mitja Kolsek, CEO of Slovenian security company Arcos, reckons that “most every Windows application has this vulnerability.” Moore had linked to a security advisory issued by Arcos in his tweet.
"We examined a bunch of applications, more than 220 from about 100 leading software vendors, and found that most every one had the vulnerability,” Kolsek told Computer World. “These vulnerabilities' critical impact and relative ease of exploitation present a serious threat to basically all Windows machines.”
The “remote binary planting” vulnerability can be exploited quite easily using malicious files, according to Kolsek. “The main enabler for this attack is the fact that Windows includes the current working directory in the search order when loading executables."
Both Kolsek and Moore fear that the affected applications might have to be patched individually, as patching Windows could disrupt existing applications.