Without breaking anything? Not so evident to me GuidoElia HELPPC _____
Da: Andrew S. Baker [mailto:[email protected]] Inviato: martedì 24 agosto 2010 16.27 A: NT System Admin Issues Oggetto: Re: DLL hijacking vulnerabilities Yes, there is. If you understand the nature of the vulnerability, that is. Because of the way the search path works you can hijack a missing DLL for any application. Now, you have a way to prevent that from being exploited remotely. ASB <http://XeeSM.com/AndrewBaker> (My XeeSM Profile) Exploiting Technology for Business Advantage... Signature powered by <http://www.wisestamp.com/email-install> WiseStamp On Tue, Aug 24, 2010 at 10:00 AM, HELP_PC <[email protected]> wrote: You mean there isn't. And workarounds on KB 2269637 are really idiot GuidoElia HELPPC _____ Da: Andrew S. Baker [mailto:[email protected]] Inviato: martedì 24 agosto 2010 15.41 A: NT System Admin Issues Oggetto: DLL hijacking vulnerabilities There is now an Microsoft-supplied workaround for the DLL vulnerability that was publicized below: <http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_worse_than_first_thought_says_expert> http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_worse_than_first_thought_says_expert See the following: DLL hijacking vulnerabilities https://isc.sans.edu/diary.html?storyid=9445 Insecure Library Loading Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/2269637.mspx More information about the DLL Preloading remote attack vector http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm <http://support.microsoft.com/kb/2264107> http://support.microsoft.com/kb/2264107 ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by <http://www.wisestamp.com/email-install> WiseStamp ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
