Microsoft issues advisory on DLL load hijacking flaw

Software giant addresses application vulnerability after remote attack vector surfaces.

Microsoft issued a security advisory on Monday to address a DLL loading vulnerability that researchers say affects

a number of applications.

While the root cause of the vulnerabilities has been known for awhile, a remote attack vector was published last week, Microsoft said.

Security researcher and Metasploit architect HD Moore, CSO at Rapid7, published details about the DLL load hijacking issue on Monday, along with a generic exploit module for the Metasploit framework and an audit kit to identify affected applications on a system. In his blog post, he noted that other researchers were aware of the vulnerabilities for months before a Slovenian security firm published an advisory about a "binary planting" flaw in iTunes.

Moore said he identified a couple dozen applications that appear to be affected by the same problem affecting iTunes. At least four of Microsoft's own applications have been confirmed as vulnerable, he said.

In a blog post, Microsoft said it was investigating whether any of its own applications are affected by the vulnerability. The company said the problem only affects applications that do not load external libraries securely.

Microsoft said it issued guidance to developers on how to prevent the DLL loading vulnerabilities, and also released a tool to mitigate the risk of the new attack vector.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close