Windows DLL bug hits dozens of apps


  1. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #11

    There is the download in KB 2264107. Perhaps it will be rolled into an SP. However, I am thinking that Microsoft may only be able to address Microsoft products because I gather the details may vary from application to application. Thus, I gather this is not just a Microsoft issue.


  2. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #12

    Update on Security Advisory 2269673


    (Cross-posting due to multiple topics on this issue.)

    As described in the Security, Research & Defense blog (linked below), the following would need to occur in order to be exploited:
    "this class of vulnerabilities could allow malicious code to run if an attacker can convince a victim to do the following:

    • Browse to a malicious, untrusted WebDAV server in the Internet Zone; and
    • Double-click a file that appears by its extension and icon to be safe"

    Microsoft plans to address the Microsoft products affected by this issue, primarily in the form of security updates or defense-in-depth updates. However, as to third-party products, it is up to those vendors to provide patches for their affected software, which may take some time or, as Jerry Bryant indicated, may not be possible. As a result, the Microsoft Fix it Team has developed a Fix it solution to enable the Microsoft-recommended setting which blocks most network-based vectors.

    Microsoft Fix it 50522 Steps:

    1. Download and then install update 2264107, available from the bottom of the page at KB 2264107.
    2. From the same page, click the Fix it button or link under the Enable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the fix it wizard.

      The Fix it solution will deploy the registry entry that is needed to block nonsecure DLL loads from WebDAV and SMB locations.

    Note: The tool is limited to protecting against DLL preloading only and does not protect against .exe files that do not properly load files via a fully qualified path. As stated previously, the software vendors will be required to update those applications accordingly.
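
An added example, not part of the posts above: a PowerShell audit that reports whether the registry entry deployed by the Fix it is present, machine-wide and per application. The value name `CWDIllegalInDllSearch`, the key paths and the value meanings are taken from KB 2264107 rather than from this thread, and treating 2 as the value that covers WebDAV and SMB is a reading of that KB's table.

```powershell
# Added example. Value name, key paths and value meanings follow KB 2264107;
# they are not quoted in the thread above.
$ValueName  = 'CWDIllegalInDllSearch'
$MachineKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$PerAppRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$AllBits    = 4294967295   # 0xFFFFFFFF in decimal, so PowerShell keeps it positive

function Get-CwdSetting {
    param([string]$Path)
    # Returns the DWORD as an unsigned number, or $null when the value is absent.
    $key = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $null -eq $key.$ValueName) { return $null }
    return [uint32]([int64]$key.$ValueName -band $AllBits)
}

function Get-CwdMeaning {
    param($Value)
    if ($null -eq $Value) { return 'not set: default search order, CWD included' }
    switch ($Value) {
        0        { 'default search order, CWD included' }
        1        { 'blocks loads from CWD when CWD is a WebDAV folder' }
        2        { 'blocks loads from CWD when CWD is remote (WebDAV or UNC/SMB)' }
        $AllBits { 'CWD removed from the DLL search order' }
        default  { 'unrecognized value' }
    }
}

$machine = Get-CwdSetting -Path $MachineKey
$rows = @([pscustomobject]@{
    Scope = 'Machine-wide'; Value = $machine; Meaning = Get-CwdMeaning $machine })

# A per-application value takes precedence over the machine-wide one for that binary.
$rows += Get-ChildItem -LiteralPath $PerAppRoot -ErrorAction SilentlyContinue |
    ForEach-Object {
        $v = Get-CwdSetting -Path $_.PSPath
        if ($null -ne $v) {
            [pscustomobject]@{ Scope = $_.PSChildName; Value = $v; Meaning = Get-CwdMeaning $v }
        }
    }
$rows | Format-Table -AutoSize

# Flag hosts where remote (WebDAV/SMB) loads from the CWD are still allowed.
if ($null -eq $machine -or $machine -notin 2, $AllBits) {
    Write-Warning 'Machine-wide setting does not block DLL loads from WebDAV and SMB locations.'
}
foreach ($r in $rows | Where-Object { $_.Scope -ne 'Machine-wide' -and $_.Value -lt 2 }) {
    Write-Warning "$($r.Scope) opts out of remote-load blocking (value $($r.Value))."
}
```

The registry value only has an effect once update 2264107 from step 1 is installed, so a correct value on an unpatched host is not evidence of protection.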


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
