Over the last week, there have been numerous articles on the web about the DDL hijacking vulnerability reported by ACROS and H.D. Moore of Megasploit. The headlines mentioned “at least 40 applications that are vulnerable.” These are applications that don’t specify a fully qualified path name when loading a library. For more information about how the exploit works, see:
http://isc.sans.edu/diary.html?storyid=9445&rss
Microsoft has released a tool that you can use to control the DLL search path algorithm and block the use of this exploit. It changes the behavior when loading libraries and it can be applied to the entire system or just to specific applications. You can read more about it and download it here:
http://support.microsoft.com/kb/2264107
There is more information about this attack vector, including guidance for developers to prevent their applications from being exploited in this way, here: