How are CVE-2017-8464 LNK code execution vulnerabilities exploited 02/28 Update SLTechnology News&Howtos

How are CVE-2017-8464 LNK code execution vulnerabilities exploited

2025-02-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Shulou(Shulou.com)06/01 Report--

CVE-2017-8464 LNK code execution vulnerability is how to attack, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Microsoft fixed the CVE-2017-8464 LNK code execution vulnerability last June, which can be successfully exploited to gain the same user privileges as local users, and attackers can spread attacks via any removable drive (such as a U disk) or remote sharing. This vulnerability is also known as the "Stuxnet third generation" vulnerability. Then rapid7 submitted the exploit,360CERT about the vulnerability in the metasploit-framework project and issued the relevant early warning notice as soon as possible:

CVE-2017-8464 LNK Code execution vulnerability Field exploit early warning

Https://cert.360.cn/warning/detail?id=1096b294b5c91e001e0dbaf33bfbc418

Here is a sample of a mine used in the field, which was made and uploaded to VT in December last year.

Load the dll under the specified directory by exploiting the LNK vulnerability:

The attacker dug Monroe coins and can see that the main mining program comes from open source code:

There may be more malicious code to exploit this vulnerability, especially for users who frequently use USB drives in local area networks such as enterprises and schools. By exploiting the LNK vulnerability and setting the USB disk to play automatically, once the vulnerable computer inserts a removable disk containing a virus, the attacker will be infected, and will also infect other inserted removable disk. 360CERT recommends that users install 360Security Guard Protection and update the patch as prompted:

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.