Microsoft vulnerable to application code execution
Microsoft’s Monday warning about the code-execution vulnerability that affected many third-party applications seems very serious.
Attackers would be able to run their malicious programs on many computers because of this.
DLL Files vulnerability in Microsoft Windows
Microsoft’s security team is in the process of identifying the programs that are susceptible to this binary planting bug.
As there is no known fix yet for this issue, system’s administrators are advised to work around this problem by changing how DLL files are loaded or by disabling the affected network services that allow for the exploit of the vulnerability.
As the loading of dynamic libraries is common for many programs run on the Window’s platform and other operating systems, it will be very difficult to address this problem head on. Developers where advised by Microsoft to take advance precautions when writing their codes.
Developers were encouraged to adopt better security practices such as providing the exact location of needed DLL files for their programs.
More than 200 Windows applications affected by vulnerability
They were also able to confirm reports that hackers are exploiting this vulnerability through a variety of means.
Many programs are affected by this flaw due to the fact that many applications only list the file name of the libraries they require instead of listing the actual path of the files they would need.
As the number of applications affected by this vulnerability cannot be easily established, a researcher was already able to narrow down at least 200 windows applications affected by this bug.
It will take a considerable amount of time to gauge the extent of the programs affected by this bug.
Developers for Microsoft compatible applications would have to add to their list of best coding security practices to keep up and make sure their succeeding versions of applications take this security vulnerability into account when programming the DLL libraries needed by their software.
Hopefully Microsoft can do more but that remains to be seen.