Microsoft released this week information about an issue in their OS that has made hundreds of applications that run on Windows vulnerable to attack.
Here’s the security advisory from Microsoft: http://www.microsoft.com/technet/security/advisory/2269637.mspx
The vulnerability basically allows applications to start DLLs that are on remote network shares. A DLL (Dynamic Link Library) is a piece of code used by applications to help them run. Typically when an application is installed the associated DLLs are either placed in a standard directory (C:\Windows\System32) or in the same directory that the application is installed in. The flaw allows the applications to start DLLs that are not on the local workstation. This means that if you attach to a network share and click on a file on that network share and it starts an application on your local workstation that application may actually call a malicious DLL that is saved on that network share rather than your local workstation.
Here are a couple more articles on the vulnerability:
- http://isc.sans.edu/diary.html?storyid=9445
- http://www.zdnet.com/blog/security/details-emerge-on-new-dll-load-hijacking-windows-attack-vector/7204
- http://www.pcworld.com/businesscenter/article/204017/microsoft_applications_plagued_by_binary_planting_flaw.html
MaaS360 Patch Analyzer provides access to detailed information about installed and missing patches including Product, Title, KB Article ID, Bulletin ID, Severity, Category, and More Info URL to Microsoft® TechNet.
