Take our FREE 30-Day Trial with no obligation required.

Experience for yourself why MaaS360 is a leader in MDM Solutions.

Divider

Fill out your information below to start.

Your email and personal information are confidential, and will not be sold or rented. See our Privacy Policy for more information.

Loading...
Loading...
Click here to hide

MaaS360 by Fiberlink

Microsoft DLL Hijacking Vulnerability

Microsoft DLL Hijacking Vulnerability

by MaaS360 staff | August 26, 2010

Microsoft released this week information about an issue in their OS that has made hundreds of applications that run on Windows vulnerable to attack. 

Here’s the security advisory from Microsoft: http://www.microsoft.com/technet/security/advisory/2269637.mspx

The vulnerability basically allows applications to start DLLs that are on remote network shares.  A DLL (Dynamic Link Library) is a piece of code used by applications to help them run.  Typically when an application is installed the associated DLLs are either placed in a standard directory (C:\Windows\System32) or in the same directory that the application is installed in.  The flaw allows the applications to start DLLs that are not on the local workstation.  This means that if you attach to a network share and click on a file on that network share and it starts an application on your local workstation that application may actually call a malicious DLL that is saved on that network share rather than your local workstation. 

Here are a couple more articles on the vulnerability:

Some of the application impacted by this are Windows Office, WireShark, Firefox (v3.6.8), Windows Live Mail, etc.  Basically be expecting a lot of patches to be coming out over the upcoming weeks.  To limit your personal exposure be sure you know and trust the location of the files you are opening. 

 

MaaS360 Patch Analyzer provides access to detailed information about installed and missing patches including Product, Title, KB Article ID, Bulletin ID, Severity, Category, and More Info URL to Microsoft® TechNet.

, , , , , , , , ,

Post a Comment

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments

Get Involved!

Sign in using one of your existing social accounts.

...or manually register for a new account here.

Free Webinars

@MaaS360 on Twitter more...

  • MaaS360 MaaS360 by IBM
    See how A.O. Smith ensures secure & effective BYOD processes with the help of MaaS360: bit.ly/1AKVs0N
  • MaaS360 MaaS360 by IBM
    Get in the holiday mood with our The 12ish Days of Mobile Device Givening video! bit.ly/1wIhLVQ #mobility
  • MaaS360 MaaS360 by IBM
    Why we've been named a leader in the 2014 Aragon Research Globe for Enterprise Mobile Management: bit.ly/16w933k

Most Active Users

vhetrick
2014_08_14
jharrington
KaylaBittne...
Joe Pappano
bcampbell
Donna Lima
jwittkopp
manthony
KumarA
Giovanni
Pragati Cha...
TRUSTe European Safe Harbor certification TruSaaS
© Fiberlink Communications Corp. All rights reserved. Privacy Policy
All brands and their products, featured or referred to within this site, are trademarks or registered trademarks of their respective holders and should be noted as such.