Microsoft Keeps Programs Prone to DLL Hijack a Secret
After some complaints that some Windows applications can be prone to hijacking, Microsoft is on its way to patch things up. But users can have yet, because deployment can take a couple of weeks. Still, the company has their mouth zipped about their vulnerable apps.
Microsoft remained silent from naming which of its Windows program, are prone to widespread “DLL Load Hijacking.” Because the programs don’t call code libraries using the full path name, DLL Load hijacking exist in many Windows applications. The culprit can exploit by tricking the application to load a malicious file required by the DLL, resulting for a malware to be planted on the machine. According to Jerry Bryant, group manager of Microsft Security response Center, the company plans to address the affected products through security or defense-in-depth updates. The company also published an automated tool that can help users to block such attacks.
Though Microsoft declined to identify their vulnerable software, outside researchers have labeled Word 2007, PowerPoint 2007 and 2010, Address Books, Windows Contact and Windows Live Mail as potential targets. Mozilla Firefox, Google Chrome and Adobe Photoshop may also be at risk. Bryant also hinted that some Microsoft software can be exploited remotely — through e-mail or internet — and with the help of users. It usually happens when a PC owner clicks through a warning and open a malicious file. It only means that a user needs to browse to malicious WebDAV or SMB server, and double-click a file in the Windows Explorer window. To make everything simple, Microsoft posted a “Fix It” tool on their support to automatically block DLLs from loading WebDAV or SMB shares. However, users still need to download the original tool.
Good thing, some vendors, like uTorrent and Wireshark, already made an update to address the bug while others are working on a fix. Microsoft has known of the issue since August 2009, but there are evidences as far back as 2000 about the exploiting attacks. More so, Bryant admitted that patches may take long to be pushed to the consumers. As of the moment, the blocking tool is the best defense for hijack attacks. With that in mind, the company plans to make the tool available for deployment within the next couple of weeks through Windows Server Update Service.View Article Source »