Microsoft has posted an advisory that explains the "DLL preloading attacks" and offers a work-around tool that �allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.�
When an application loads a .dll file, but doesn�t name a full path name,Windows searches a pre-defined set of directories for it. Exploiting this, an intruder could social engineer a victim into loading a malicious .dll from a USB drive or from a network and execute arbitrary code.
Advisory here: Insecure Library Loading Could Allow Remote Code Execution
Tom Kelchner
No comments:
Post a Comment