This functionality in Windows has been a problem for many years, and this is not the first time Microsoft has addressed...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
this sort of flaw. The different but related problem of conflicting DLLs, seen for example with mapi32.dll, has been long-term one for Windows, going back as far as Windows NT. Windows is also not the only platform in which a malicious DLL could be used to attack a system. Unix-based systems can also be configured to load the DLL equivalents from the current working directory, but configuring the current working directory in the path is not the default on Unix, as it is in Windows, making Unix exploitation less likely.
You can protect your enterprise by using the Microsoft DLL download FixIt that disables the Windows Webclient service in order to prevent loading libraries from WebDAV and network shares, or by blocking outgoing Windows networking traffic at your firewall. You will also need to use software, such as Firefox 3.6.9 or later, that securely loads DLLs, following Microsoft's DLL-loading guidance to remove this vulnerability fully. You will need to thoroughly test this fix before deploying it, however, because many enterprises install software to the network, which requires legitimate DLLs to be loaded from network shares; deploying the fix may impact this functionality.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Nick Lewis
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this...continue reading
Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to ...continue reading
ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.