Microsoft issued a security advisory on Monday to address a DLL loading vulnerability that researchers say affects...
a number of applications.
While the root cause of the vulnerabilities has been known for awhile, a remote attack vector was published last week, Microsoft said.
Security researcher and Metasploit architect HD Moore, CSO at Rapid7, published details about the DLL load hijacking issue on Monday, along with a generic exploit module for the Metasploit framework and an audit kit to identify affected applications on a system. In his blog post, he noted that other researchers were aware of the vulnerabilities for months before a Slovenian security firm published an advisory about a "binary planting" flaw in iTunes.
Moore said he identified a couple dozen applications that appear to be affected by the same problem affecting iTunes. At least four of Microsoft's own applications have been confirmed as vulnerable, he said.
In a blog post, Microsoft said it was investigating whether any of its own applications are affected by the vulnerability. The company said the problem only affects applications that do not load external libraries securely.
Microsoft said it issued guidance to developers on how to prevent the DLL loading vulnerabilities, and also released a tool to mitigate the risk of the new attack vector.