PC World - Microsoft released a security advisory in response to a potential exploit, known as DLL preloading or binary planting, which has been found to impact hundreds of third-party Windows applications--possibly including software developed by Microsoft itself. Unfortunately, this isn't a simple Windows vulnerability that Microsoft can fix with its next patch release, so it's important that you understand the flaw and what is at risk, as well as what you can do to protect your systems.
Microsoft senior security response communications manager Christopher Budd explained in a Microsoft Security Response Center blog post, "This is different from other Microsoft Security Advisories because it's not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or 'binary planting' attacks."
What is Binary Planting?
According to a post on the Microsoft Security and Defense Research blog, "When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories... For the sake of this issue, it's sufficient to say that if an attacker can cause an application to LoadLibrary() while the application's current directory is set to an attacker-controlled directory, the application will run the attacker's code."
How Big is the Problem?
While Microsoft acknowledges that it is investigating internal software code to determine if Microsoft products are impacted as well, some researchers feel Microsoft is downplaying the possibility. Andrew Storms, director of security operations for nCircle, noted, "The big question of the day doesn't concern third party application developers that didn't follow Microsoft's programming advice and so are vulnerable to this category of attack. The big question is: which of Microsoft's own products are vulnerable?"
One security firm has issued the blunt warning: "we can safely say that all Windows users can at this moment be attacked via at least one remote binary planting vulnerability."
How Can This Flaw be Exploited?
If an attacker lures a user to open a remote file using a vulnerable program (one that does not load external libraries securely), the program may attempt to load one of its libraries from the file's remote location. If a specially crafted malicious library is loaded from that location, it may allow the attacker to execute malicious code on the compromised PC.
Network file systems such as WebDAV and SMB offer remote attack vectors that an attacker can use to provide malicious files and attempt to exploit this flaw. A successful attack would grant access on the vulnerable system to the attacker with the same user rights as the currently logged-on user. If the logged-on user has administrative privileges, the attacker can install other malicious software, change or delete data, and have carte blanche on the compromised machine.
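A defender can look for this pattern in image-load telemetry: a locally installed program loading a DLL from an SMB or WebDAV path. The following is an added example, not part of the original article; the records are constructed, use Sysmon Event ID 7 field names, and the WebDAV check is a heuristic on the UNC path form.

```python
import re

# \\server\share\... and the extended form \\?\UNC\server\share\...
# The lookahead skips device paths such as \\?\C:\ and \\.\pipe\.
_UNC = re.compile(
    r'^\\\\(?:\?\\UNC\\)?(?![.?]\\)(?P<host>[^\\?]+)\\(?P<share>[^\\]+)\\', re.I)

def classify_path(path):
    """Return 'local', 'SMB' or 'WebDAV' for a Windows path string."""
    m = _UNC.match(path)
    if not m:
        # Assumption: mapped drive letters (Z:\...) cannot be told apart
        # from local disks by the path alone and are treated as local here.
        return "local"
    host, share = m.group("host"), m.group("share")
    # Heuristic: WebDAV paths appear as host@SSL / host@port or DavWWWRoot.
    if "@" in host or share.lower() == "davwwwroot":
        return "WebDAV"
    return "SMB"

# Constructed sample records (hypothetical hosts and application names).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleApp\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\viewer.exe",
     "ImageLoaded": r"\\fileserver.example\public\docs\codec.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\ExampleApp\viewer.exe",
     "ImageLoaded": r"\\files.example@SSL\DavWWWRoot\share\codec.dll", "Signed": "false"},
    {"Image": r"\\deploy.example\tools\setup.exe",
     "ImageLoaded": r"\\deploy.example\tools\helper.dll", "Signed": "true"},
]

def find_remote_dll_loads(events):
    """Flag DLLs loaded from a network path by a program installed locally."""
    findings = []
    for ev in events:
        origin = classify_path(ev["ImageLoaded"])
        if origin == "local":
            continue
        if classify_path(ev["Image"]) != "local":
            continue  # program itself runs from a share: a different case
        findings.append({"process": ev["Image"], "dll": ev["ImageLoaded"],
                         "transport": origin,
                         "signed": ev.get("Signed", "").lower() == "true"})
    return findings

if __name__ == "__main__":
    for f in find_remote_dll_loads(SAMPLE_EVENTS):
        print(f"{f['transport']:6} {f['process']} <- {f['dll']} signed={f['signed']}")
```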
Originally published on www.pcworld.com.