More Vulnerabilities in Windows Computers

Last week’s article was about a vulnerability affecting computers running Windows XP, Vista, and yes, Windows 7 as well. That was, however, only the tip of the iceberg: it belongs to a broader, more general flaw in Windows that means more zero-day exploits are likely to come from that direction in the near future. The specifics are a little above the level of the average user, so I will break the issue down to its simplest possible form and recommend remedies.

First, a definition. The vulnerabilities referred to above are related to Windows PowerShell. Windows WHAT? PowerShell. Shell: the simplest way to describe it is the command prompt window you may have seen at some point. You can open it by going to Start, Run, typing “cmd” and pressing Enter. You’ll see a black window with a prompt, probably something like c:\windows\system32>_ or perhaps c:\users\username>_ . That is an example of a shell: if you know the correct syntax, you can type in commands that the computer will understand and execute.

OK, so PowerShell has been around since 2006. More about why it is called POWERshell below. The important point is that its second release (version 2.0) came out in August 2009, and THAT is the version currently being exploited in the wild.
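Since the post singles out PowerShell 2.0, the first thing a cautious user or administrator will want to know is whether that engine is registered on their own machine and whether it can still be started. The following script is an added example, not part of the original post; it assumes the standard registry locations under HKLM:\SOFTWARE\Microsoft\PowerShell where Windows records the installed engines, and that powershell.exe accepts the -Version switch.

```powershell
# Added example (not from the original post): report which PowerShell engine
# versions are registered on this machine and whether the 2.0 engine can still
# be started. Assumes the standard engine registry keys named below.
# Run from a PowerShell prompt on Windows 7 or later.

$engineKeys = @{
    'v1/v2 engine' = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine'
    'v3+ engine'   = 'HKLM:\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine'
}

function Get-RegisteredEngines {
    # One object per engine key: present or not, and the version it reports.
    foreach ($entry in $engineKeys.GetEnumerator()) {
        if (Test-Path $entry.Value) {
            $ver = (Get-ItemProperty -Path $entry.Value).PowerShellVersion
            [pscustomobject]@{ Engine = $entry.Key; Version = $ver; Present = $true }
        } else {
            [pscustomobject]@{ Engine = $entry.Key; Version = $null; Present = $false }
        }
    }
}

function Test-V2EngineStarts {
    # Ask powershell.exe to load the 2.0 engine explicitly and report its
    # major version. If the engine is absent or disabled, the launch fails
    # (or a different engine answers) and this returns $false.
    $out = & powershell.exe -Version 2 -NoProfile -NonInteractive `
        -Command '$PSVersionTable.PSVersion.Major' 2>$null
    return ($LASTEXITCODE -eq 0 -and "$out".Trim() -eq '2')
}

Get-RegisteredEngines | Format-Table -AutoSize
"Engine running this script: $($PSVersionTable.PSVersion)"
"PowerShell 2.0 engine can still start: $(Test-V2EngineStarts)"
```

A machine that reports the 2.0 engine as present and startable is running exactly the version the post describes as targeted, which is the case where the patches and the remedy discussed below matter most.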

One thing you need to be aware of: PowerShell is, as its name indicates, very powerful. For that reason, many security measures were put in place to limit its improper use. Unfortunately, those measures fell short, and we are now starting to experience the consequences.

What to do? The passive approach is to wait for Windows patches as the specific vulnerabilities involving PowerShell are discovered. For more proactive users, there is a remedy that resolves the issue even before patches are available. In an article written about a year ago on the best security model for a Windows computer, I mentioned a specific program designed to prevent unauthorized execution of programs. That model is still valid, and the program is AppGuard by Blue Ridge Networks. Computers protected by AppGuard are immune to the particular family of zero-day exploits covered here, and more. No other product that I’m aware of provides such protection. To understand fully why, you’ll have to read that article.