Client Login
 Quick Contact
DLL hijacking bug hits Microsoft Windows
Category : General 24 Aug 2010 06:10 AM | Industry News
The software giant issued the advisory Monday after recent research revealed that a class of vulnerabilities known as "DLL (dynamic-link Library) preloading" can be exploited remotely by an attacker who places a malicious library on a network share, Christopher Budd, senior security response communications manager at Microsoft,
Microsoft says it's investigating which of its own applications contain this vulnerability, which basically has to do with how applications load external DLLs in an insecure way. Secure library-loading is an issue that's been known to developers, according to Microsoft, but the new remote attack vector revealed over the past few days prompted the advisory. "The root cause of this issue has been understood by developers for some time.
Microsoft's new tool for the flaw, meanwhile, basically alters the way Windows opens libraries. The company also recommends that organizations filter all outbound SMB traffic at the perimeter firewall and disable the WebDAV client service on workstations to stop outbound WebDAV connections.
Meanwhile, for Windows systems, where the Web Client facility runs by default, it's possible to access distantly-located network shares through WebDAV. Consequently, it becomes plausible to deploy the malevolent DLL too via a network share that's online provided the security firewalls let the outgoing HTTP traffic flow into the Internet.
In response to the vulnerability, Microsoft has issued tool packages for each of its supported operating systems that inhibits the loading of libraries from network shares.
Christopher Budd, senior security response communications manager with Microsoft, said this tool would allow system administrators to mitigate risks associated with the DLL vulnerability by “altering the library-loading behavior for the operating system or for specific applications”.
He also added that Microsoft has issued guidance for developers so they can avoid the vulnerability and take measures to ensure that libraries called by programs load correctly.