Wifi Password Recovery - UTM - Vulnerability Scanning
 

   

    
Toll Free: +1-888-704-7297

Sun Sun Sun

You are here: News > News > Microsoft admits existence of application code-execution bug

» IT Security NEWS
 
» 24 August 2010
Microsoft admits existence of application code-execution bug

 

Microsoft’s Monday warning about the code-execution vulnerability that affected many third-party applications seems very serious. Attackers would be able to run their malicious programs on many computers because of this.

 

Microsoft’s security team is in the process of identifying the programs that are susceptible to this binary planting bug. As there is no known fix yet for this issue, system’s administrators are advised to work around this problem by changing how DLL files are loaded or by disabling the affected network services that allow for the exploit of the vulnerability.

 

As the loading of dynamic libraries is common for many programs run on the Window’s platform and other operating systems, it will be very difficult to address this problem head on. Developers where advised by Microsoft to take advance precautions when writing their codes. Developers were encouraged to adopt better security practices such as providing the exact location of needed DLL files for their programs. The actual advisory can be found here.

 

They were also able to confirm reports that hackers are exploiting this vulnerability through a variety of means. Many programs are affected by this flaw due to the fact that many applications only list the file name of the libraries they require instead of listing the actual path of the files they would need. As the number of applications affected by this vulnerability cannot be easily established, a researcher was already able to narrow down at least 200 windows applications affected by this bug.

 

It will take a considerable amount of time to gauge the extent of the programs affected by this bug. Developers for Microsoft compatible applications would have to add to their list of best coding security practices to keep up and make sure their succeeding versions of applications take this security vulnerability into account when programming the DLL libraries needed by their software. Hopefully Microsoft can do more but that remains to be seen.

 

Your Security is important to us here at SecPoint. Read more about us, our news, and security products.   

 

 

 

Click Here For Web Shop

Reviews of SecPoint.com
 
 
 
 
 

Subscribe to our Mailing List
Customer References
 
More satisfied customers
   
aAwards & Reviews
 

View more awards..

Free Services
Free Vulnerability Scan

Free WiFi Security Guide

Encyclopedia | Free Scan Statement | Link Policy | Privacy Statement | Resources | Sitemap | User Policy
© Copyright 1999-2012: SecPoint®
SecPoint ApS Noerregade 7B - 1165 Copenhagen K - Denmark
US Toll free: +1-888-704-7297 - EU: +45-70-235-245