Tuesday, August 31, 2010

Update on Security Advisory 2269637, Including Microsoft Fix it

Last week, Microsoft released Security Advisory 2269637, which describes a remote attack vector for a class of vulnerabilities affecting applications that load DLLs in an insecure manner. As described on the Security Research & Defense blog, the following would need to occur for the issue to be exploited:
"this class of vulnerabilities could allow malicious code to run if an attacker can convince a victim to do the following:
  • Browse to a malicious, untrusted WebDAV server in the Internet Zone; and
  • Double-click a file that appears by its extension and icon to be safe"
Jerry Bryant explained on the MSRC Blog, in Update on Security Advisory 2269637, that Microsoft plans to address the Microsoft products affected by this issue, primarily in the form of security updates or defense-in-depth updates.

It is important to keep in mind that while Microsoft continues its investigation of Microsoft products impacted by the vulnerability, many third-party applications are also impacted (see DLL Hijacking (KB 2269637) – the unofficial list by Peter Van Eeckhoutte). It is up to those vendors to provide patches for their affected software, which may take some time or, as Jerry Bryant indicated, may not be possible. As a result, the Microsoft Fix it Team has developed a Fix it solution to enable the Microsoft-recommended setting, which blocks most network-based vectors.


Steps:
1. Download and then install update 2264107, available from the bottom of the page at KB 2264107.
2. From the same page, click the Fix it button or link under the Enable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the fix it wizard.

   The Fix it solution will deploy the registry entry that is needed to block nonsecure DLL loads from WebDAV and SMB locations.

Note: The tool is limited to protecting against DLL preloading only and does not protect against .exe files that do not properly load files via a fully qualified path. As stated previously, the software vendors will be required to update those applications accordingly.
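To confirm the setting after running the Fix it, the following PowerShell audit is an added example, not part of the original post or of Microsoft's Fix it package. The value name CWDIllegalInDllSearch, its two registry locations and the value meanings are taken from KB 2264107 rather than from this post, and the function names are hypothetical.

```powershell
# Audit CWDIllegalInDllSearch system-wide and per application.
# Value name, locations and meanings per KB 2264107 (assumption: not stated in this post).
$name   = 'CWDIllegalInDllSearch'
$global = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdDllSetting {
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # A DWORD of 0xFFFFFFFF may surface as Int32 -1; normalise through hex to UInt32.
    return [Convert]::ToUInt32(('{0:X8}' -f $item.$name), 16)
}

function Get-CwdDllMeaning {
    param($Value)
    if ($null -eq $Value) { return 'not set: default DLL search order' }
    switch ($Value) {
        0          { 'default DLL search order' }
        1          { 'blocks DLL loads from the CWD when it is a WebDAV folder' }
        2          { 'blocks DLL loads from the CWD when it is a remote folder (WebDAV or UNC)' }
        4294967295 { 'CWD removed from the DLL search order' }
        default    { 'unrecognised value' }
    }
}

# Values 2 and 0xFFFFFFFF both cover WebDAV and SMB (UNC) working directories.
function Test-BlocksRemoteCwd {
    param($Value)
    return ($Value -eq 2 -or $Value -eq [uint32]::MaxValue)
}

$sys = Get-CwdDllSetting $global
[pscustomobject]@{
    Scope = 'System'; Value = $sys
    Meaning = Get-CwdDllMeaning $sys
    BlocksWebDavAndSmb = Test-BlocksRemoteCwd $sys
}

# Per KB 2264107 a per-application value overrides the system-wide one,
# so list every override and whether it still blocks remote working directories.
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdDllSetting $_.PSPath
    if ($null -ne $v) {
        [pscustomobject]@{
            Scope = $_.PSChildName; Value = $v
            Meaning = Get-CwdDllMeaning $v
            BlocksWebDavAndSmb = Test-BlocksRemoteCwd $v
        }
    }
}
```

A System row with BlocksWebDavAndSmb set to False means the Fix it has not been applied, and any per-application row showing False is an override that reopens the network vector for that executable.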




    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...
