Microsoft To Address DLL Load Hijacking Flaw

September 1, 2010

In an update on an ongoing Microsoft investigation into a dynamic-link library (DLL) preloading vulnerability, Microsoft said it would issue security updates to address the vulnerability in its applications. The software giant rated the flaw important because a user would need to click through a series of warnings and dialogs to open a malicious file attempting to exploit the vulnerability.

"DLL preloading is a well-known class of vulnerabilities and we have had guidance for developers in place for quite some time. We have recently updated that guidance to provide more clarity," wrote Jerry Bryant, Microsoft's group manager of response communications in the Microsoft Security Response Center blog. "Even with improved guidance, we recognize that it may take quite a bit of time for all affected applications to be updated and for some an update may not be possible."

The DLL preloading issue surfaced late last month when security researcher and Metasploit architect H.D. Moore, CSO at Rapid7, published details about the DLL load hijacking issue, along with a generic exploit module for the Metasploit framework and an audit kit to identify affected applications on a system. Moore said he published the details after a Slovenian security firm published an advisory about a "binary planting" flaw in iTunes.

Microsoft issued a security advisory Aug. 23, with updated guidance for developers and a new tool that could prevent unsafe DLL loading. In addition a temporary automated patch has been developed to address network-based attack vectors, Microsoft said.

View more news