Microsoft released Security Advisory 2269637 which relates to a remote attack vector to a class of vulnerabilities affecting applications that load DLL’s in an insecure manner.
Microsoft is conducting investigations into how this vector may affect Microsoft products. In the meantime, both the Security Advisory and the SR&D blog have information for IT Pros as well as a tool that can be configured to disable the loading of libraries from network shares. See Knowledge Base article 2264107.
Although the above addresses networks, what danger is there to home computer users? The people most likely to be impacted are those who use P2P file-sharing programs such as uTorrent. The Mitigating Factors in the Security Advisory are pertinent in this regard.
This issue only affects applications that do not load external libraries securely.P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with with good files.
Computers are expensive. Protect your investment. Only download programs from reputable websites and do not use P2P file-sharing software programs.
- Knowledge Base article 2264107
- MSRC Blog: Microsoft Security Advisory 2269637 Released
- SR&D Blog: More information about the DLL Preloading remote attack vector
- TechNet: Security Advisory 2269637
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Advisory, Vulnerabilities, Information,