Microsoft to address DLL load hijacking flaw, issues new tool

Robert Westervelt, News Director

A flaw in the way Microsoft and some third party applications preload shared files in Windows will be addressed by the software maker over time, but until then Microsoft is urging customers to install a new tool and an automated temporary patch to block attacks attempting to exploit the flaw.

Even with improved guidance, we recognize that it may take quite a bit of time for all affected applications to be updated and for some an update may not be possible.

Jerry Bryant,
group manager of response communicationsMicrosoft

    Requires Free Membership to View

In an update on an ongoing Microsoft investigation into a dynamic-link library (DLL) preloading vulnerability, Microsoft said it would issue security updates to address the vulnerability in its applications. The software giant rated the flaw important because a user would need to click through a series of warnings and dialogs to open a malicious file attempting to exploit the vulnerability.

"DLL preloading is a well-known class of vulnerabilities and we have had guidance for developers in place for quite some time. We have recently updated that guidance to provide more clarity," wrote Jerry Bryant, Microsoft's group manager of response communications in the Microsoft Security Response Center blog. "Even with improved guidance, we recognize that it may take quite a bit of time for all affected applications to be updated and for some an update may not be possible."

The DLL preloading issue surfaced late last month when security researcher and Metasploit architect H.D. Moore, CSO at Rapid7, published details about the DLL load hijacking issue, along with a generic exploit module for the Metasploit framework and an audit kit to identify affected applications on a system. Moore said he published the details after a Slovenian security firm published an advisory about a "binary planting" flaw in iTunes.

Microsoft issued a security advisory Aug. 23, with updated guidance for developers and a new tool that could prevent unsafe DLL loading. In addition a temporary automated patch has been developed to address network-based attack vectors, Microsoft said.

"Customers should note that the tool is limited to protecting against DLL preloading only and does not protect against .exe files that do not properly load files via a fully qualified path and developers will be required to update those applications accordingly," Bryant said.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: