Tool released to address DLL preloading remote attack vector

Over the last week, there have been numerous articles on the web about the DDL hijacking vulnerability reported by ACROS and H.D. Moore of Megasploit. The headlines mentioned “at least 40 applications that are vulnerable.” These are applications that don’t specify a fully qualified path name when loading a library. For more information about how the exploit works, see:

http://isc.sans.edu/diary.html?storyid=9445&rss

Microsoft has released a tool that you can use to control the DLL search path algorithm and block the use of this exploit. It changes the behavior when loading libraries and it can be applied to the entire system or just to specific applications. You can read more about it and download it here:

http://support.microsoft.com/kb/2264107 

There is more information about this attack vector, including guidance for developers to prevent their applications from being exploited in this way, here:

http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top