Microsoft closed an old SSL backdoor from the US government during its Patch Tuesday round. A bug that was allegedly exploited in an attack on Iranian nuclear centrifuges and had not yet been completely fixed has now also been fully resolved, Microsoft said.
It was initially thought that Windows users were not vulnerable to the so-called FREAK attack, an old backdoor in SSL that allows attackers to force a weaker level of encryption and thus eavesdrop on the connection. It later turned out that they were vulnerable, and Microsoft has now squashed the bug during its Patch Tuesday security round.
In addition, a vulnerability that is said to have been used years ago by the US government in the Stuxnet attack on Iranian nuclear facilities had not yet been closed properly. The bug had already been fixed in 2010, but it was still possible to run code on a victim’s system. It concerns the so-called ‘.lnk’ bug, in which an attacker can execute code on a system by having the victim open a folder containing a malicious shortcut.
German researcher Michael Heerklotz discovered that the bug could still be exploited, Threatpost writes. He managed to circumvent the measures Microsoft had built in to contain the bug. It’s unclear whether the bug has been exploited in the past five years. What is certain is that the bug is easy to abuse: an attacker can, for example, give a victim a USB stick with an infected shortcut, after which connecting the USB stick and opening the folder is enough for the system to become infected.