Windows DLL bug hits dozens of apps

Page 1 of 2 12 LastLast

  1. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #1

    Windows DLL bug hits dozens of apps


    A flaw in the way Windows handles DLL (dynamic-link library) and related files likely affects hundreds of applications and has already been used in malicious attacks in the wild, a security researcher said on Tuesday.

    Microsoft acknowledged in an advisory on Monday a type of attack mechanism known as DLL preloading, or binary planting and said that while it is not new it does have a new remote-attack vector. Malicious code can now be planted on a network share instead of just on a local system, making it much easier to attack vulnerable systems by duping people into clicking on malicious Web links or opening malicious documents.

    Now, the Exploit-db.com exploit database is getting flooded with submissions of applications that people say are vulnerable, including Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security firm Offensive Security, which runs the exploit database.
    Read More:

    Windows DLL bug hits dozens of apps | Security - CNET News
      My Computer


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2
      My Computer


  3. Posts : 627
    Windows 7 Pro 64 bit
       #3

    Don't you just love this consistent race to keep ahead
      My Computer


  4. Posts : 2,528
    Windows 7 x64 Ultimate
       #4

    At this point this is more like the race of the "researchers" trying to keep their names ahead of other researchers.

    I've got a serious security announcement. Windows is insecure because users are allowed to install programs. Programs that may contain trojans. In fact ALL OSes (that are not admin locked down tight) are compeltely vunerable to this attack.

    I suggest that all OS vendors now adopt a policy of not allowing any prgram or plugin installs after OS install to close this hole.

    (There is significantly zero difference between "somehow" replacing a DLL in a program folder and replacing the exe itself or installing a new exe containing the exact same malicious payloads)
      My Computer


  5. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
    Thread Starter
       #5

    Thanx Jacee

    One of the links leads to an MS site that offers a tool

    Another option for protecting your systems is to deploy a tool that can help prevent exploitation of this issue. Knowledge Base article 2264107 offers for download a tool that allows customers to selectively change the library loading behavior, either system-wide or for specific applications.
    A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
      My Computer


  6. Posts : 2,528
    Windows 7 x64 Ultimate
       #6

    Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in it's CWD and all programs default to allowing the OS to "search" for them rather than load them by hand.

    The number of programs that work and how deeply they work till they break could vary greatly.
      My Computer


  7. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
    Thread Starter
       #7

    fseal said:
    Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in it's CWD and all programs default to allowing the OS to "search" for them rather than load them by hand.

    The number of programs that work and how deeply they work till they break could vary greatly.
    Yeah I was kinda wondering about that after I saw what it involved

    The patch breaks Chrome. When opening Chrome, it says it cannot find the file avutil-50.dll .
    It appears the MS Tool does not actually add the CWDIllegalInDllSearch registry value, rather it just updates the .dll's outlined in A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm . Can someone verify this on their systems. I tested the update on XP SP3 and Win 7. Manual creation of the registry key seems to be needed.
    Read More:

    DLL hijacking vulnerabilities
      My Computer


  8. Posts : 121
    Windows 7
       #8

    Excellent info. Thank you.
      My Computer


  9. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #9

    Here's a list of actual potentially vulnerable applications: DLL Hijacking (KB 2269637) – the unofficial list (Peter Van Eeckhoutte).

    In the event a program is "broken" by the Microsoft tool, if you use WinPatrol PLUS, with this simple entry, WinPatrol will notify you if anyone tries to create and change the value.

    The steps are simple. Start by launching WinPatrol, select the "Registry Monitoring" tab and click Add. A new window will open to add the item to be monitored.

    • Registry Key: In the Registry Key selection drop-down, make sure HKEY_LOCAL_MACHINE is selected.
    • Type or copy/paste the following in the space provided under Registry Key:

    SYSTEM\CurrentControlSet\Control\Session Manager

    • Name: In the Name space, type or copy/paste CWDIllegalInDllSearch
    • Value: In the space for Value, type 1 (the number one).
    • Value Type: In the drop-down box, select REG_DWORD
    • Click the Add button.


    If additional information is needed, illustrations are included in my blog post Protection From DLL Vulnerability with WinPatrol PLUS.
      My Computer


  10. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
    Thread Starter
       #10

    Thanx Corrine....

    I hope MS fixes this soon...like I have any time for anything anymore.

    Incredible...school just started and I'm already up to my *ss in homework.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:41.
Find Us