Microsoft patches half of their own insecure library loading vulnerabilities
It has taken the Microsoft code writers 15 weeks to patch just half of the insecure library loading vulnerabilities they announced on August 23, 2010. These patches were released with the December 14, 2010 Windows Updates.
I first wrote about the insecure library loading vulnerabilities back on October 10, 2010. At that time there were 176 programs, 20 of which belong to Microsoft, that were affected by the underlying vulnerability in how applications can call on a .dll file (Dynamic Link Library) when a program loads in Windows (this is a Windows flaw). Now, there are 239 exploitable programs on list of vulnerable programs, maintained by the security firm Secunia.
It was revealed on August 23, in Microsoft Security Advisory 2269637, that Windows itself allowed for a wider range of actual paths to be searched when a ".dll" file was requested than most thought was the case. These paths allowed a software program to specify a remote location for a required dll file, which could include the Internet! Many commonly used programs could be exploited by adding a line of code that changed the path to their dll files. This made it possible for malware writers to infect Windows PCs by tricking users into opening their own installed vulnerable applications, that they had exploited to request remote mal-crafted dll files, instead of the legitimate files installed by the program.
Here is what I wrote about this remote vulnerability:
the security firm Secunia has identified 176 programs that can be exploited by directing one of these applications to load a remotely hosted hostile file, when the targeted program opens, or opens an associated file. The exploited files are .dll libraries, which just about every Windows program uses as includes to add functionality to the main program executable. The .dll files are actually executable files, but only when called by another executable.
On November 9, 2010, Microsoft released critical patches for several of its newer MS Office applications, one of which plugged a security issue involving .dll path hijacking. It took an additional 5 weeks for them to patch another 9 programs, on December 14, 2010. This brings their new total for MS programs affected by the insecure library loading issue to 10. Unfortunately, three of these unpatched programs include Windows XP Home, XP Professional and Windows Live Mail. Millions of people are using those operating systems and that email client!
Since there are still 10 Microsoft programs, include operating systems remaining exploitable, plus 229 from other very popular software companies, I recommend that technically adept PC users read the information on this Microsoft Support Article 2264107 and apply the Fix It Tool about half way down the page. You must first apply a Registry change, in the beginning of that article, before the Fix It Tool will work.
In the meantime, apply all available Microsoft patches, especially those for MS Office programs, and read the Secunia list of vulnerable programs, and apply the Fix It recommendations from Microsoft. As the other software companies released patched versions of their programs, you should install those new versions.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.