#69
July 17th, 2010, 12:11 PM
Rmus
Exploit Analyst
Join Date: Mar 2005
Posts: 3,624
Re: Rootkit.TmpHider

Quote:
Originally Posted by MrBrian
This would be a good time to consider how you would have fared against this particular malware had you been exposed to it two or three weeks ago, before it was widely known.
It seems to be just another remote code execution exploit that attempts to run a binary:

Microsoft Security Advisory (2286198)
Vulnerability in Windows Shell Could Allow Remote Code Execution
http://www.microsoft.com/technet/sec...y/2286198.mspx

Quote:
How could an attacker exploit the vulnerability?

An attacker could present a removable drive to the user with a malicious shortcut file, and an associated malicious binary. When the user opens this drive in Windows Explorer, or any other application that parses the icon of the shortcut, the malicious binary will execute code of the attacker's choice on the victim system.
(my emphasis)

Anyone with White List or execution prevention would have blocked the binary from executing.

As long as the payload is a binary executable (as most exploits these days carry), White List protection will block the attempted execution, no matter what vulnerability is being exploited.

----
rich
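The advisory's trigger is a shortcut whose icon reference is parsed as soon as the drive is browsed, so a defender triaging a removable drive wants to see what each .lnk's icon points at before Explorer does. As an added example (not code from this post or from Microsoft), here is a small Python routine that parses the IconLocation string out of a .lnk per the public Shell Link binary format and, as a labelled heuristic assumption, flags shortcuts whose icon is a binary stored on the same drive as the shortcut; the sample .lnk is constructed inline, and the function names are my own.

```python
import struct
from pathlib import PureWindowsPath
# Shell Link (MS-SHLLINK) header constants: fixed class id and LinkFlags bits.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
BINARY_EXT = {".dll", ".exe", ".cpl", ".scr"}

def icon_location(data: bytes):
    """Return the IconLocation of a .lnk blob, or None if absent or malformed."""
    try:
        if struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
            return None
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 0x4C
        if flags & HAS_IDLIST:    # LinkTargetIDList: u16 size, then the list itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # LinkInfo: u32 size that includes the size field
            pos += struct.unpack_from("<I", data, pos)[0]
        icon = None
        for flag in (HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON):  # fixed order
            if not flags & flag:
                continue
            count = struct.unpack_from("<H", data, pos)[0]
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos + 2:pos + 2 + count * width]
            if len(raw) != count * width:  # truncated string block
                return None
            pos += 2 + count * width
            if flag == HAS_ICON:
                icon = raw.decode("utf-16-le" if width == 2 else "cp1252")
        return icon
    except struct.error:
        return None

def flag_shortcut(lnk_path: str, data: bytes) -> bool:
    """Heuristic (assumption): icon is a binary on the shortcut's own drive, not an OS file."""
    icon = icon_location(data)
    if not icon or icon.startswith("%"):   # %SystemRoot%-style paths point at the OS install
        return False
    p = PureWindowsPath(icon)
    if p.suffix.lower() not in BINARY_EXT:
        return False
    return p.drive.lower() in ("", PureWindowsPath(lnk_path).drive.lower())

def build_lnk(icon: str) -> bytes:
    """Constructed minimal .lnk carrying only an IconLocation (test fixture, not a real file)."""
    head = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", HAS_ICON | IS_UNICODE)
    head += b"\0" * (0x4C - len(head))  # attributes, timestamps, icon index, etc. left zero
    return head + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")
```

Run `flag_shortcut(path, open(path, "rb").read())` over each .lnk on a mounted drive to list the shortcuts worth inspecting before anyone browses it.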