 | |
| |
| 26 Aug 2010 | |
| Windows 7 Home Premium 32 bit 5,681 posts In a house with a cat trying to kill me | Windows DLL bug hits dozens of apps Quote: A flaw in the way Windows handles DLL (dynamic-link library) and related files likely affects hundreds of applications and has already been used in malicious attacks in the wild, a security researcher said on Tuesday. Microsoft acknowledged in an advisory on Monday a type of attack mechanism known as DLL preloading, or binary planting and said that while it is not new it does have a new remote-attack vector. Malicious code can now be planted on a network share instead of just on a local system, making it much easier to attack vulnerable systems by duping people into clicking on malicious Web links or opening malicious documents. Now, the Exploit-db.com exploit database is getting flooded with submissions of applications that people say are vulnerable, including Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security firm Offensive Security, which runs the exploit database. Windows DLL bug hits dozens of apps | Security - CNET News |
My System Specs | |
| 26 Aug 2010 | |
| Windows 7 Ultimate 32bit SP1 7,144 posts | See the 'work-around' Microsoft Offers Workaround For Remote DLL Vulnerability |
| My System Specs |
| 26 Aug 2010 | |
| Windows 7 Pro 64 bit 684 posts | Don't you just love this consistent race to keep ahead  |
| My System Specs |
| . |
| |
| 26 Aug 2010 | |
| Windows 7 x64 Ultimate 2,557 posts San Diego | At this point this is more like the race of the "researchers" trying to keep their names ahead of other researchers. I've got a serious security announcement. Windows is insecure because users are allowed to install programs. Programs that may contain trojans. In fact ALL OSes (that are not admin locked down tight) are compeltely vunerable to this attack. I suggest that all OS vendors now adopt a policy of not allowing any prgram or plugin installs after OS install to close this hole. (There is significantly zero difference between "somehow" replacing a DLL in a program folder and replacing the exe itself or installing a new exe containing the exact same malicious payloads) |
| My System Specs |
| 26 Aug 2010 | |
| Windows 7 Home Premium 32 bit 5,681 posts In a house with a cat trying to kill me | Thanx Jacee One of the links leads to an MS site that offers a tool Quote: Another option for protecting your systems is to deploy a tool that can help prevent exploitation of this issue. Knowledge Base article 2264107 offers for download a tool that allows customers to selectively change the library loading behavior, either system-wide or for specific applications. |
| My System Specs |
| 26 Aug 2010 | |
| Windows 7 x64 Ultimate 2,557 posts San Diego | Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in it's CWD and all programs default to allowing the OS to "search" for them rather than load them by hand. The number of programs that work and how deeply they work till they break could vary greatly. |
| My System Specs |
| 26 Aug 2010 | |
| Windows 7 Home Premium 32 bit 5,681 posts In a house with a cat trying to kill me | 
Quote: Originally Posted by fseal  Someone needs to be the guinea pig and test this on a test machine. From reading the article, there is a good chance that installing it may break nearly every single installed program on your machine since nearly every single installed program (of any heft) runs with DLLs in it's CWD and all programs default to allowing the OS to "search" for them rather than load them by hand. The number of programs that work and how deeply they work till they break could vary greatly. Quote: The patch breaks Chrome. When opening Chrome, it says it cannot find the file avutil-50.dll . Quote: It appears the MS Tool does not actually add the CWDIllegalInDllSearch registry value, rather it just updates the .dll's outlined in A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm . Can someone verify this on their systems. I tested the update on XP SP3 and Win 7. Manual creation of the registry key seems to be needed. DLL hijacking vulnerabilities |
| My System Specs |
| 26 Aug 2010 | |
| Windows 7 130 posts Detroit, Michigan | Excellent info. Thank you. |
| My System Specs |
| 27 Aug 2010 | |
| Windows 7 & Windows Vista Ultimate 2,476 posts Upstate NY | Here's a list of actual potentially vulnerable applications: DLL Hijacking (KB 2269637) – the unofficial list (Peter Van Eeckhoutte). In the event a program is "broken" by the Microsoft tool, if you use WinPatrol PLUS, with this simple entry, WinPatrol will notify you if anyone tries to create and change the value. The steps are simple. Start by launching WinPatrol, select the "Registry Monitoring" tab and click Add. A new window will open to add the item to be monitored.
If additional information is needed, illustrations are included in my blog post Protection From DLL Vulnerability with WinPatrol PLUS. |
| My System Specs |
| 27 Aug 2010 | |
| Windows 7 Home Premium 32 bit 5,681 posts In a house with a cat trying to kill me | Thanx Corrine.... I hope MS fixes this soon...like I have any time for anything anymore. Incredible...school just started and I'm already up to my *ss in homework.  |
| My System Specs |
 |
Windows DLL bug hits dozens of apps problems?
| Thread Tools | |
| Similar help and support threads for: Windows DLL bug hits dozens of apps | ||||
| Thread | Forum | |||
| Dozens of BSOD's | BSOD Help and Support | |||
| I have dozens of the SAME photos using diff photo organize software!? | Music, Pictures & Video | |||
| Dozens of ZeuS Botnets Knocked Offline. | Security News | |||
| Windows 7 hits RTM | News | |||
| Windows 7 Hits a New Low | News | |||
All times are GMT -5. The time now is 04:22 AM.
