Microsoft still mum on programs prone to DLL hijacking attacks
Instead, it offers automated tool to simplify attack blocking setup
Computerworld - Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread "DLL load hijacking" attacks.
Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications.
The DLL load hijacking vulnerabilities exist in many Windows applications because the programs don't call code libraries -- dubbed "dynamic-link library," or "DLL" -- using the full pathname, but instead use only the filename. Criminals can exploit that by tricking the application into loading a malicious file with the same name as the required DLL. The result: Hackers can hijack the PC and plant malware on the machine.
"Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in a Tuesday entry on that team's blog. "This will primarily be in the form of security updates or defense-in-depth updates."
Although Microsoft again declined to call out its vulnerable software, outside researchers have identified as potential targets a number of its high-profile apps, including Word 2007, PowerPoint 2007 and 2010, Address Book and Windows Contact, and Windows Live Mail.
Other vendors' software may also be at risk, including Mozilla's Firefox, Google's Chrome, and Adobe's Photoshop.
Bryant hinted that some Microsoft software could be exploited. "Due to the fact that customers need to click through a series of warnings and dialogs to open a malicious file, we rate most of these vulnerabilities as Important," he said, referring to the second-highest threat ranking in the company's four-step scoring system.
Microsoft typically uses Important to describe bugs that can be exploited remotely -- via the Internet or e-mail, for example -- but which also require that the user assist the attack in some way, usually by clicking through warnings or opening a malicious file.
That tool blocks the loading of DLLs from remote directories, such as those on USB drives, Web sites and an organization's network, and is aimed at enterprise IT personnel.
Not surprisingly, Microsoft acknowledged that users have asked for more help with the tool. Shortly after its release, IT professionals complained that the tool was confusing and asked colleagues for advice on how to configure it.
To simplify things, Microsoft has posted a "Fix It" tool on its support site that automatically blocks any DLLs from loading from WebDAV or SMB (Server Message Block) shares, two of the most likely attack vectors. Users must still download and install the original tool, however.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!