Showing posts with label antivirus. Show all posts

Monday, October 9, 2017

THE RUSSIA FILE - Hacked NSA Documents

"Report: Russia hacked NSA documents with aid from antivirus software" PBS NewsHour 10/5/2017

Excerpt

SUMMARY:  The Wall Street Journal reported that Russia obtained classified information about how the U.S. military protects its computer networks and conducts electronic spying.  The breach occurred when data was stolen by an NSA contractor, then hacked by Russia.  Hari Sreenivasan speaks with The Wall Street Journal's Shane Harris.

Friday, August 27, 2010

PC SECURITY - Windows DLL Exploits

"Windows DLL exploits boom; hackers post attacks for 40-plus apps" by Gregg Keizer, ComputerWorld 8/25/2010

Excerpts

Publish exploits to subvert Firefox, Chrome, Word, Photoshop, Skype, dozens more

Some of the world's most popular Windows programs are vulnerable to attacks that exploit a major bug in the way they load critical code libraries, according to sites tracking attack code.

Among the Windows applications that are vulnerable to exploits that many have dubbed "DLL load hijacking" are the Firefox, Chrome, Safari and Opera browsers; Microsoft's Word 2007; Adobe's Photoshop; Skype; and the uTorrent BitTorrent client.

"Fast and furious, incredibly fast," said Andrew Storms, director of security operations for nCircle Security, referring to the pace of postings of exploits that target the vulnerability in Windows software. Called "DLL load hijacking" by some, the exploits are dubbed "binary planting" by others.

On Monday, Microsoft confirmed reports of unpatched vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. The flaws stem from the way many Windows applications call code libraries -- dubbed "dynamic-link library," or "DLL" -- that give hackers wiggle room they can exploit by tricking an application into loading a malicious file with the same name as a required DLL.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it.

Even before Microsoft described the problem, published its protective tool, and said it could not address the wide-ranging issue by patching Windows without crippling countless programs, researcher HD Moore posted tools to find vulnerable applications and generate proof-of-concept code.
----
Until patches are available, Microsoft has urged users to download the free tool that blocks DLLs from loading from remote directories, USB drives, Web sites and an organization's network.

CAUTION - Make sure you understand this MS tool BEFORE loading. If you are NOT SURE, just wait until "patches" (Microsoft Updates) come through.

Needless to say, if you are running a top-of-the-line Antivirus/Antispyware Utility, they should protect you already.