Windows 7 Forums


Windows 7: Windows DLL bug hits dozens of apps


26 Aug 2010   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Windows DLL bug hits dozens of apps

Quote:
A flaw in the way Windows handles DLL (dynamic-link library) and related files likely affects hundreds of applications and has already been used in malicious attacks in the wild, a security researcher said on Tuesday.

Microsoft acknowledged in an advisory on Monday a type of attack mechanism known as DLL preloading, or binary planting, and said that while it is not new, it does have a new remote-attack vector. Malicious code can now be planted on a network share instead of just on a local system, making it much easier to attack vulnerable systems by duping people into clicking on malicious Web links or opening malicious documents.

Now, the Exploit-db.com exploit database is getting flooded with submissions of applications that people say are vulnerable, including Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security firm Offensive Security, which runs the exploit database.
Read More:

Windows DLL bug hits dozens of apps | Security - CNET News


26 Aug 2010   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

26 Aug 2010   #3

Windows 7 Pro 64 bit
 
 

Don't you just love this consistent race to keep ahead


26 Aug 2010   #4

Windows 7 x64 Ultimate
 
 

At this point this is more like the race of the "researchers" trying to keep their names ahead of other researchers.

I've got a serious security announcement. Windows is insecure because users are allowed to install programs. Programs that may contain trojans. In fact ALL OSes (that are not admin locked down tight) are completely vulnerable to this attack.

I suggest that all OS vendors now adopt a policy of not allowing any program or plugin installs after OS install to close this hole.

(There is significantly zero difference between "somehow" replacing a DLL in a program folder and replacing the exe itself or installing a new exe containing the exact same malicious payloads)
26 Aug 2010   #5

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Thanx Jacee

One of the links leads to an MS site that offers a tool

Quote:
Another option for protecting your systems is to deploy a tool that can help prevent exploitation of this issue. Knowledge Base article 2264107 offers for download a tool that allows customers to selectively change the library loading behavior, either system-wide or for specific applications.
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm
26 Aug 2010   #6

Windows 7 x64 Ultimate
 
 

Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in its CWD and all programs default to allowing the OS to "search" for them rather than load them by hand.

The number of programs that work and how deeply they work till they break could vary greatly.
26 Aug 2010   #7

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote: Originally Posted by fseal
Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in its CWD and all programs default to allowing the OS to "search" for them rather than load them by hand.

The number of programs that work and how deeply they work till they break could vary greatly.
Yeah I was kinda wondering about that after I saw what it involved

Quote:
The patch breaks Chrome. When opening Chrome, it says it cannot find the file avutil-50.dll.
Quote:
It appears the MS Tool does not actually add the CWDIllegalInDllSearch registry value, rather it just updates the .dll's outlined in "A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm". Can someone verify this on their systems? I tested the update on XP SP3 and Win 7. Manual creation of the registry key seems to be needed.
Read More:

DLL hijacking vulnerabilities
26 Aug 2010   #8

 

Excellent info. Thank you.
27 Aug 2010   #9

Windows 7 & Windows Vista Ultimate
 
 

Here's a list of actual potentially vulnerable applications: DLL Hijacking (KB 2269637) the unofficial list (Peter Van Eeckhoutte).

In the event a program is "broken" by the Microsoft tool, if you use WinPatrol PLUS, with this simple entry, WinPatrol will notify you if anyone tries to create and change the value.

The steps are simple. Start by launching WinPatrol, select the "Registry Monitoring" tab and click Add. A new window will open to add the item to be monitored.
  • Registry Key: In the Registry Key selection drop-down, make sure HKEY_LOCAL_MACHINE is selected.
  • Type or copy/paste the following in the space provided under Registry Key: SYSTEM\CurrentControlSet\Control\Session Manager
  • Name: In the Name space, type or copy/paste CWDIllegalInDllSearch
  • Value: In the space for Value, type 1 (the number one).
  • Value Type: In the drop-down box, select REG_DWORD
  • Click the Add button.

If additional information is needed, illustrations are included in my blog post Protection From DLL Vulnerability with WinPatrol PLUS.
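Added example (not part of any post in this thread, and not code from Microsoft or WinPatrol): a read-only PowerShell audit of the CWDIllegalInDllSearch value discussed above, covering the system-wide Session Manager key and any per-application overrides. The Image File Execution Options path and the value meanings are taken from Microsoft's KB 2264107 description for an application started from a local folder, not from the thread; the function names are made up for this example.

```powershell
# Added example: audit CWDIllegalInDllSearch system-wide and per application.
# Read-only: it queries the registry and changes nothing.
$valueName  = 'CWDIllegalInDllSearch'
$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
# Per-application location as described in KB 2264107 (not quoted in the thread).
$ifeo       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdSearchValue {
    param([string]$KeyPath)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($item) { $item.$valueName } else { $null }
}

function Get-CwdSearchMeaning {
    param($Value)
    if ($null -eq $Value) { return 'not set: default search order, CWD is searched' }
    # 0xFFFFFFFF can surface as -1 or 4294967295 depending on the host; normalise it.
    $v = [int64]$Value -band 4294967295
    switch ($v) {
        0          { 'default search order, CWD is searched' }
        1          { 'CWD skipped when it is a WebDAV folder' }
        2          { 'CWD skipped when it is remote (WebDAV or UNC)' }
        4294967295 { 'CWD removed from the DLL search order' }
        default    { "unrecognised value $v" }
    }
}

function New-Row {
    param($Scope, $Value)
    New-Object PSObject -Property @{
        Scope = $Scope; Value = $Value; Meaning = (Get-CwdSearchMeaning $Value)
    }
}

$rows = @(New-Row 'System-wide' (Get-CwdSearchValue $sessionMgr))
# Per-application overrides, e.g. a relaxed value for one program the global setting breaks.
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdSearchValue $_.PSPath
    if ($null -ne $v) { $rows += New-Row $_.PSChildName $v }
}
$rows | Select-Object Scope, Value, Meaning | Format-Table -AutoSize
```

A system-wide row reading "not set" after the update is installed is consistent with the report quoted in post #7 that the value has to be created by hand.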
27 Aug 2010   #10

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Thanx Corrine....

I hope MS fixes this soon...like I have any time for anything anymore.

Incredible...school just started and I'm already up to my *ss in homework.