Article

Microsoft issues advisory on DLL load hijacking flaw

SearchSecurity.com Staff

Microsoft issued a security advisory on Monday to address a DLL loading vulnerability that researchers say affects a number of applications.

While the root cause of the vulnerabilities has been known

    Requires Free Membership to View

for awhile, a remote attack vector was published last week, Microsoft said.

Security researcher and Metasploit architect HD Moore, CSO at Rapid7, published details about the DLL load hijacking issue on Monday, along with a generic exploit module for the Metasploit framework and an audit kit to identify affected applications on a system. In his blog post, he noted that other researchers were aware of the vulnerabilities for months before a Slovenian security firm published an advisory about a "binary planting" flaw in iTunes.

Moore said he identified a couple dozen applications that appear to be affected by the same problem affecting iTunes. At least four of Microsoft's own applications have been confirmed as vulnerable, he said.

In a blog post, Microsoft said it was investigating whether any of its own applications are affected by the vulnerability. The company said the problem only affects applications that do not load external libraries securely.

Microsoft said it issued guidance to developers on how to prevent the DLL loading vulnerabilities, and also released a tool to mitigate the risk of the new attack vector.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: