SecPoint Logo

Criminals hacking Normal

As hackers continue to exploit the DLL vulnerability that Microsoft said it could not patch due to the fact that it will negatively affect how many programs run, developers begin updating their software with patches addressing this issue.

Microsoft tries to give all the help it can possibly offer.

 

Among the listed applications affected by the vulnerability

Icludes Microsoft Office and Windows Mail.

Although Microsoft was unable to create a patch, it has instead opted to release to the public their Trustworthy Computing Security Development Lifecycle (SDL) model so that developers would be able to improve their software development lifecycle and learn how to create more secure software.

It has also developed a tool addressing that allows system administrators to change how DLL files are loaded by applications.

 

The developers of uTorrent and VLC have already released updated versions of their software that address this DLL vulnerability in computers running on Windows Operating systems. Hopefully the rest of the more than 200 affected applications will follow suit.

 

The DLL vulnerability is made possible by the fact that Windows uses a default search order in how it looks for DLL files when loading applications.

When developers define the path of DLL files their program uses, no problems arise.

Though most developers only define the filename of the DLL files they use.

So what happens is that the operating system first searches the operating system defined paths until it checks the working directory and finally all other paths listed on the path environment variable whether it be a network share, a WebDav folder, or a USB drive.

 

Criminals exploit this vulnerability by planting their own maliciously altered DLL files in folders which contain other data files.

For example you would like to open a video file located in an infected USB device or infected network drive.

When you click on the video for it to run and it requests for a DLL library, the application searches for the requested DLL until it looks for it in the current working directory where the malicious DLL file lays in wait to be loaded.

Although Microsoft's tool aids in protecting the system by first searching safe locations for the needed DLL files, developers were informed that they still should fix the vulnerability in their own applications to be surely safe.

 

Developers still have a long way to go before the many affected applications are patched.

While people are still debating who is at fault, we have to remember that NSA warned about this problem more than a decade ago.

Even Microsoft security experts have known of this vulnerability as shown in the blog of one of its security experts.

Only in the recent days have security experts realized to what extent this vulnerability actually affects their systems.

 

Hopefully, this arming of developers to proactively work against these vulnerabilities while still in software development would be the final step in avoiding future problems such as this one.