A zero-day exploit in several versions of Windows has been found that includes the ability to execute malicious code spread through favicons.  Because of this, site favicons have been temporarily disabled for news stories.  This will be restored once there has been a patch.

Details here: http://secunia.com/advisories/22159/
Posted by Ellyoda Sun, 25 Jul 2010 01:08:02 (comments: 10)
 
Sun, 25 Jul 2010 03:55:24
What are favicons?
 
Sun, 25 Jul 2010 04:01:17
Favicons are the small icons in tabs and beside the address bar that appear for sites.

There shouldn't be any issue on our end for displaying them on the news as it's inline, but I'm taking the precautionary stance.  The primary basis is to not be downloading them to the server for now.
 
Sun, 25 Jul 2010 04:01:36

SteelAttack said:
What are favicons?

favicons

 
Sun, 25 Jul 2010 04:10:27
I disabled the favicons in Firefox. Is that all that's needed to be safe?
 
Sun, 25 Jul 2010 04:47:03
The issue is much broader than just the favicons, that's just a vector.  The problem is in Windows shell itself (the graphical display infrastructure used for GUIs).

From my perspective, the demonstrated possibility to exploit it through favicons was the most significant known concept thus far, but it's just a symptom.  There's no real workaround as it's too integral to the entire operating system (the result would be disabling ALL icon displays).  Though if you worked locally in DOS and browsed the web on Lynx you'd be safe.

EDIT: Actually, there is technically the ability to replace the Windows shell with a third-party program, but it's not a nice process.  Just avoid the dark places of the net, don't let random people with USB sticks near your computer, and keep patched as updates come along.
 
Sun, 25 Jul 2010 14:10:47

I never click those things.
 
Sun, 25 Jul 2010 15:06:13
gamingeek said:

I never click those things.

They aren't for clicking.

 
Sun, 25 Jul 2010 15:13:39
YODABOTS WAGE THEIR BATTLES TO DESTROY THE EVIL FORCES OF THE FAVICONS!


 
Mon, 26 Jul 2010 00:38:36
old Nyaa

It's so funny.  It's a vulnerability with .lnk files yeah?  I think they waited to exploit it until MS turned off support for 2K and XP a couple of weeks ago.  Not really, no one has that much patience, but still it was good timing.

But good catch on that.  I didn't even think of the use of favicons on the site.
 
Thu, 05 Aug 2010 00:13:43
An out-of-cycle patch was released yesterday, so make sure you've updated if you're running Windows.  Note, however, that support for Windows XP SP2 is officially stopped, so you aren't getting patches anymore.  Move to SP3 if you're still on XP.
Log in or Register for free to comment
Recently Spotted:
*crickets*
Login @ The VG Press
Username:
Password:
Remember me?