Critical Windows DLL security flaw discovered yesterday
August 25, 2010
A critical Windows DLL (dynamic link library) security flaw was discovered yesterday, barely a week after Microsoft had confirmed another security vulnerability in Windows applications that allows malicious code to be executed on end-user computers. The first exploits have been released targeting programs including the Firefox web browser, uTorrent BitTorrent client and Microsoft PowerPoint presentation software.
According to Mitja Kolsek, CEO of Acros Security, as many as 204 applications may so far be vulnerable to what are being called "binary planting" or "DLL preloading" attacks.
Acros Security is the same Slovenia-based company that warned Microsoft of the issue back in early April.
Why Microsoft did not acknowledge the security flaw in question, or why it has not issued a security update for it to date, is still unknown. Microsoft has often been criticized in the past for a similar lack of action when presented with incidents of this kind, which tend to get worse over time.
Microsoft said on Monday that the security hole stems from applications that don't explicitly state the full path name of DLL files and other binaries associated with the program. As a result, each application will have to be patched separately, rather than there being a single Windows update.
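What "explicitly state the full path name" means at a load call, as an added example that is not code from Microsoft, Acros Security or any application named in this article: a check that accepts only one exact file location, plus a wrapper that refuses everything else. The names `is_fully_qualified` and `load_dll_checked` are hypothetical; the Windows API calls are compiled only on Windows.

```c
#include <ctype.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* 1 if p names one exact location: "C:\dir\x.dll" or "\\server\share\x.dll".
 * 0 for anything resolved through a search or a current directory:
 * "x.dll", "sub\x.dll", "..\x.dll", "\x.dll", "C:x.dll". Only backslash
 * separators are accepted, which is stricter than Windows itself. */
int is_fully_qualified(const char *p)
{
    if (p == NULL || p[0] == '\0')
        return 0;
    /* Drive-absolute: letter, colon, backslash, then at least one more char. */
    if (isalpha((unsigned char)p[0]) && p[1] == ':')
        return p[2] == '\\' && p[3] != '\0';
    /* UNC: \\server\share\file, with no empty component. */
    if (p[0] == '\\' && p[1] == '\\') {
        int parts = 0;
        for (const char *s = p + 2; *s != '\0'; ) {
            size_t n = strcspn(s, "\\");
            if (n == 0)
                return 0;
            parts++;
            s += n;
            if (*s == '\\')
                s++;
        }
        return parts >= 3;
    }
    return 0;
}

#ifdef _WIN32
/* Hypothetical wrapper: refuse bare names instead of letting the loader search. */
HMODULE load_dll_checked(const char *path)
{
    if (!is_fully_qualified(path)) {
        SetLastError(ERROR_BAD_PATHNAME);
        return NULL;
    }
    return LoadLibraryExA(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
}
#endif
```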
Now it appears that the software giant has its work cut out for it, since this will have to be done in multiple security updates released on 'Patch Tuesday', as the second Tuesday of every month is known in the industry. Whether they will all be released on the same day or spread over more than one update is unknown at this point.
The attack code was posted yesterday to the Exploit Database. It included exploits for the Wireshark packet sniffer, Windows Live email and Microsoft MovieMaker, in addition to those for the most recent versions of Firefox, uTorrent and PowerPoint.
In addition to the four exploits, H.D. Moore, chief security officer of the Metasploit project, has released an auditing tool to identify vulnerable Windows applications. When combined with a module added to the Metasploit framework for penetration testers and hackers, it provides most of what's needed to exploit critical, vulnerable programs that are also prone to DLL exploits of various types.
Both Moore and Kolsek added that additional software from Microsoft is still vulnerable and in more ways than one.
Microsoft's security team has said it's still investigating whether its applications are susceptible or not.
Security experts all over the world are now urging the software giant to be more proactive when it comes to the security of the many types of software the company produces.
Source: Acros Security.