Microsoft releases new fix for DLL vulnerability

Posted by Virus Bulletin on Sep 1, 2010

Earlier workaround believed to be too complex for most users.

A week after Microsoft released a fix for a DLL vulnerability that affected a large number of programs running on its operating systems, it has released a second fix for the same problem.

DLLs (Dynamic Link Libraries), which contain commonly used functions, are essential to most programs running on Windows operating systems. When a program needs a certain library but doesn't specify its location, Windows looks for libraries in certain places, including the user directory.

By changing this user directory to something it controls and by storing a malicious version of the library there, a piece of malware can make otherwise harmless programs load code from these malicious libraries. Programs that are vulnerable to this kind of attack include Microsoft Office PowerPoint 2007, Skype and Opera.

While software developers are working hard to fix their programs, Microsoft released a workaround last week which prevented insecure DLLs from loading from remote and local file sharing locations. However, the fix meant the user had to make some manual changes to the registry, which can cause harm if not done correctly. Home users in particular were put off by this. The new fix does not have this problem.
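The search behaviour and the effect of the registry workaround can be modelled in a few lines; this is an added example, not code from the article or from Microsoft. The search order (with SafeDllSearchMode on) and the registry value name `CWDIllegalInDllSearch` with its values 2 and 0xFFFFFFFF are taken from Microsoft's documentation rather than from this page, and every path, file name and function name below is constructed for illustration. The model ignores KnownDLLs and the WebDAV-only value 1.

```python
# Model of the default DLL search order and the CWDIllegalInDllSearch workaround.
CWD_ALLOWED = 0                # default: the current directory is searched
CWD_BLOCK_REMOTE = 2           # skip the current directory when it is remote
CWD_BLOCK_ALWAYS = 0xFFFFFFFF  # never search the current directory

# Constructed sample data (assumptions, not from the article).
APP = r"C:\Program Files\Viewer"
REMOTE_CWD = r"\\fileserver\docs"
LOCAL_CWD = r"C:\Users\alice\Documents"
IMPORTS = ["user32.dll", "helper.dll"]   # libraries requested by bare name
FS = {                                   # directory (lower case) -> files in it
    r"c:\program files\viewer": {"viewer.exe"},
    r"c:\windows\system32": {"kernel32.dll", "user32.dll"},
    r"\\fileserver\docs": {"report.ppt", "helper.dll", "user32.dll"},
    r"c:\users\alice\documents": {"notes.ppt", "helper.dll"},
}

def is_remote(path):
    # Simplification: UNC paths are remote, drive-letter paths are local.
    return path.startswith("\\\\")

def search_order(app_dir, cwd, path_dirs=(), policy=CWD_ALLOWED):
    order = [("application", app_dir),
             ("system", r"C:\Windows\System32"),
             ("system16", r"C:\Windows\System"), ("windows", r"C:\Windows")]
    blocked = policy == CWD_BLOCK_ALWAYS or (policy == CWD_BLOCK_REMOTE and is_remote(cwd))
    if not blocked:
        order.append(("cwd", cwd))
    return order + [("path", d) for d in path_dirs]

def resolve(dll, fs, app_dir, cwd, path_dirs=(), policy=CWD_ALLOWED):
    for source, directory in search_order(app_dir, cwd, path_dirs, policy):
        if dll.lower() in fs.get(directory.lower(), set()):
            return source, directory   # first directory holding the file wins
    return None

def audit(imports, fs, app_dir, cwd, policy=CWD_ALLOWED):
    # Bare-name loads that would be satisfied from the current directory.
    hits = []
    for dll in imports:
        found = resolve(dll, fs, app_dir, cwd, policy=policy)
        if found and found[0] == "cwd":
            hits.append(dll)
    return hits

if __name__ == "__main__":
    for cwd in (REMOTE_CWD, LOCAL_CWD):
        for policy in (CWD_ALLOWED, CWD_BLOCK_REMOTE, CWD_BLOCK_ALWAYS):
            print(cwd, hex(policy), audit(IMPORTS, FS, APP, cwd, policy))
```

In the model, `user32.dll` is always satisfied from the system directory, while `helper.dll` is picked up from the current directory unless the policy excludes that directory.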

More can be found at the blog of security journalist Brian Krebs here, where there is also an explanation of how to apply the fix.
