Sunday, August 29, 2010

Windows DLL load hijacking exploits go wild

In case you're work needs to be secure



A worthy read

Amplify’d from www.reuters.com

Less than 24 hours after Microsoft said it couldn't patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company's software.


Also on Tuesday, a security firm that's been researching the issue for the last nine months said 41 of Microsoft's own programs can be remotely exploited using DLL load hijacking, and named two of them.

On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack the PC and plant malware on the machine.

By Tuesday, at least four exploits of what some call "binary planting" attacks, others dub "DLL load hijacking" attacks, had been published to a well-known hacker site. Two of the exploits targeted Microsoft-made software, including PowerPoint 2010, the presentation maker in Office 2010, and Windows Live Mail, a free e-mail client bundled with Vista but available as a free download for Windows 7 customers.

Read more at www.reuters.com
 

No comments: