From JMH link.

Let's take a deep breath, step back, and take a closer look.
DLL Hijacking requires two files: a data file (more accurately, a file with a filename extension that's associated with a program that's susceptible to DLL hijacking) and a jiggered DLL file. In most cases, both files have to reside in the same folder. Yes, the rogue DLL can be in a different folder, but if somebody can plant a bad DLL in your system folder, you're hosed anyway.
Most companies block network access (WebDAV and SMB) at the corporate firewall. So most companies (and most users) are primarily concerned about getting infected by a pair of files sitting in a folder on a USB drive, a network share, a CD, possibly inside the same ZIP file, or some similar location. Typically, the victim navigates to the folder in Windows Explorer and double-clicks on the data file, thus invoking the vulnerable program that runs the jiggered DLL, which sits in the same folder. That isn't the only way to get infected from a DLL hijacking exploit, but from what I've seen it's by far the most common.
I have two recommendations.
First, never double-click on a file that's in a potentially compromised location. Drag it to your desktop, then open it.
If you want to open a Word document that's sitting on a USB drive, for example, drag the file onto your desktop and open it from there. If you see a PPT file on a network share, drag it to your desktop and open it. Have a Visio VSD inside a ZIP file? Extract the VSD from the ZIP first, then open it. Since the DLL hijacking trick (almost) always requires that the two files sit in the same folder, simply dragging the data file somewhere else breaks the link and foils the hijack.
Second, make Windows show you filename extensions and hidden files.
I've been preaching about this for a decade, but every Windows user should be allowed to see filename extensions and hidden files. If you or your users are savvy enough to spot a DLL file sitting in an unusual location, you could readily prevent a hijacking.

I've been always "show filename extensions" and it happenned sometimes me double clicking inside a folder, but now looks that recommendation in this actual place, will make me never do it...

kpo6969 said:

Download details: Update for Windows 7 for x64-based Systems (KB2264107)

Download details: Update for Windows 7 (KB2264107)

This download does not fix the problem but allows you to set some register settings that restrict your programs. The bad part is some of your programs may stop working so its not for the faint of heart. Read the following.

A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm

Jim

Phone Man said:

kpo6969 said:

Download details: Update for Windows 7 for x64-based Systems (KB2264107)

Download details: Update for Windows 7 (KB2264107)

This download does not fix the problem but allows you to set some register settings that restrict your programs. The bad part is some of your programs may stop working so its not for the faint of heart. Read the following.

A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm

Jim

I'm aware of that, and some could follow this discuss over there for better understanding. i did applyed the two registry settings five days ago (not the downloadable patch yet)...still no issues.

Cross-fingered! :)

Researcher: 40 Windows Apps Affected by Critical Flaw

NoN said:

Phone Man said:

kpo6969 said:

Download details: Update for Windows 7 for x64-based Systems (KB2264107)

Download details: Update for Windows 7 (KB2264107)

This download does not fix the problem but allows you to set some register settings that restrict your programs. The bad part is some of your programs may stop working so its not for the faint of heart. Read the following.

A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm

Jim

I'm aware of that, and some could follow this discuss over there for better understanding. i did applyed the two registry settings five days ago (not the downloadable patch yet)...still no issues.

Cross-fingered! :)

Researcher: 40 Windows Apps Affected by Critical Flaw

I just wanted to clarify the information so someone would not assume just downloading the file would fix the problem. My understanding is that you needed to download the patch for the registry settings to work. I am sure we will see lots of updates coming out as everyone scrambles to fix their products.

Jim

Phone Man said:

NoN said:

Phone Man said:

This download does not fix the problem but allows you to set some register settings that restrict your programs. The bad part is some of your programs may stop working so its not for the faint of heart. Read the following.

A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm

Jim

I'm aware of that, and some could follow this discuss over there for better understanding. i did applyed the two registry settings five days ago (not the downloadable patch yet)...still no issues.

Cross-fingered! :)

Researcher: 40 Windows Apps Affected by Critical Flaw

I just wanted to clarify the information so someone would not assume just downloading the file would fix the problem. My understanding is that you needed to download the patch for the registry settings to work. I am sure we will see lots of updates coming out as everyone scrambles to fix their products.

Jim

Yes i saw that, i've got to save some work before applying the patches after the registry change. Well i'm doing it in two steps!. Better do a restore point before....

I'm sure those manufacturers will be part paid by MS to patch their products soon!

NoN said:

Phone Man said:

NoN said:

I'm aware of that, and some could follow this discuss over there for better understanding. i did applyed the two registry settings five days ago (not the downloadable patch yet)...still no issues.

Cross-fingered! :)

Researcher: 40 Windows Apps Affected by Critical Flaw

I just wanted to clarify the information so someone would not assume just downloading the file would fix the problem. My understanding is that you needed to download the patch for the registry settings to work. I am sure we will see lots of updates coming out as everyone scrambles to fix their products.

Jim

Yes i saw that, i've got to save some work before applying the patches after the registry change. Well i'm doing it in two steps!. Better do a restore point before....

I'm sure those manufacturers will be part paid by MS to patch their products soon!

Let us know how it works out and if it breaks any programs. Glad we have a brave "tester" on board.

Jim

Phone Man said:

NoN said:

Phone Man said:

I just wanted to clarify the information so someone would not assume just downloading the file would fix the problem. My understanding is that you needed to download the patch for the registry settings to work. I am sure we will see lots of updates coming out as everyone scrambles to fix their products.

Jim

Yes i saw that, i've got to save some work before applying the patches after the registry change. Well i'm doing it in two steps!. Better do a restore point before....

I'm sure those manufacturers will be part paid by MS to patch their products soon!

Let us know how it works out and if it breaks any programs. Glad we have a brave "tester" on board.

Jim

Patch kb 2264107 installed after recreated the registry key CWDIllegalInDllSearch in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager", set to 1.

Might test the others options while i'm in...!

Let see all that next few days! :)