Friday, August 27, 2010

PC SECURITY - Windows DLL Exploits

"Windows DLL exploits boom; hackers post attacks for 40-plus apps" by Gregg Keizer, ComputerWorld 8/25/2010


Publish exploits to subvert Firefox, Chrome, Word, Photoshop, Skype, dozens more

Some of the world's most popular Windows programs are vulnerable to attacks that exploit a major bug in the way they load critical code libraries, according to sites tracking attack code.

Among the Windows applications that are vulnerable to exploits that many have dubbed "DLL load hijacking" are the Firefox, Chrome, Safari and Opera browsers; Microsoft's Word 2007; Adobe's Photoshop; Skype; and the uTorrent BitTorrent client.

"Fast and furious, incredibly fast," said Andrew Storms, director of security operations for nCircle Security, referring to the pace of postings of exploits that target the vulnerability in Windows software. Called "DLL load hijacking" by some, the exploits are dubbed "binary planting" by others.

On Monday, Microsoft confirmed reports of unpatched vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. The flaws stem from the way many Windows applications call code libraries -- dubbed "dynamic-link library," or "DLL" -- that give hackers wiggle room they can exploit by tricking an application into loading a malicious file with the same name as a required DLL.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it.

Even before Microsoft described the problem, published its protective tool, and said it could not address the wide-ranging issue by patching Windows without crippling countless program, researcher HD Moore posted tools to find vulnerable applications and generate proof-of-concept code.
Until patches are available, Microsoft has urged users to download the free tool that blocks locks DLLs from loading from remote directories, USB drives, Web sites and an organization's network.

CAUTION - Make sure you understand this MS tool BEFORE loading. If you are NOT SURE, just wait until "patches" (Microsoft Updates) come through.

Needless to say, if you are running a top-of-the-line Antivirus/Antispyware Utility, they should protect you already.

No comments: