Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows DLL bug hits dozens of apps

27 Aug 2010   #11
Corrine

Windows 7 & Windows Vista Ultimate
 
 

There is the download in KB 2264107. Perhaps it will be rolled in to a SP. However, I am thinking that Microsoft may only be able to address Microsoft products because I gather the details may vary from application to application. Thus, I gather this is not just a Microsoft issue.


My System SpecsSystem Spec
.
31 Aug 2010   #12
Corrine

Windows 7 & Windows Vista Ultimate
 
 
Update on Security Advisory 2269673

(Cross-posting due to multiple topics on this issue.)

As described in the Security, Research & Defense blog (linked below), the following would need to occur in order to be exploited:
Quote:
"this class of vulnerabilities could allow malicious code to run if an attacker can convince a victim to do the following:
  • Browse to a malicious, untrusted WebDAV server in the Internet Zone; and
  • Double-click a file that appears by its extension and icon to be safe"
Microsoft plans to address the Microsoft products affected by this issue, primarily be in the form of security updates or defense-in-depth updates. However, as to third-party products, it is up to those vendors to provide patches for their affected software, which may take some time or, as Jerry Bryant indicated, may not be possible. As a result, the Microsoft Fix it Team has developed a Fix it solution to enable the Microsoft-recommended setting which blocks most network-based vectors.

Microsoft Fix it 50522 Steps:
  1. Download and then install update 2264107, available from the bottom of the page at KB 2264107.
  2. From the same page, click the Fix it button or link under the Enable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the fix it wizard.

    The Fix it solution will deploy the registry entry that is needed to block nonsecure DLL loads from WebDAV and SMB locations.
Note: The tool is limited to protecting against DLL preloading only and does not protect against .exe files that do not properly load files via a fully qualified path. As stated previously, the software vendors will be required to update those applications accordingly.

My System SpecsSystem Spec
Reply

 Windows DLL bug hits dozens of apps




Thread Tools




Similar help and support threads
Thread Forum
Windows 7 Hits a New Low
Windows 7 Hits a New Low No not its expectation or usage but its lowest boot specification!!! Screenshots below: 128 MB memory http://images.pcworld.com/news/graphics/166992-daveblog_ancientw7_original.jpg
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:39.
Twitter Facebook Google+