Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
A week after Microsoft released a fix for a DLL vulnerability
that affected a large number of programs running on its operating
systems, it has released a second fix for the same problem.
DLLs (Dynamic Link Libraries), which contain commonly used functions,
are essential to most programs running on Windows operating
systems. When a program needs a certain library but doesn't specify
its location, Windows looks for libraries in certain places,
including the user directory.
By changing this user directory to something it controls and by storing
a malicious version of the library there, a piece of malware can make
otherwise harmless programs use part of these malicious libraries.
Programs that are vulnerable to this kind of attack include
Microsoft Office Powerpoint 2007, Skype and
Opera.
While software developers are working hard to fix their programs,
Microsoft released a workaround last week which prevented
insecure DLLs from loading from remote and local file sharing locations. However, the fix meant
the user had to make some
manual changes to the registry, which can cause harm if not done
correctly. Home users in particular were put off by this. The new fix does not have this problem.
More can be found at the blog of security journalist Brian Krebs here,
where there is also an explanation of how to apply the fix.
01 September 2010
Tags:
dll, fix, microsoft, vulnerability, windows.
del.icio.us 
digg this
0 comments
