Thanks ASB. I'm guessing that MS expects the solution cycle for this vuln will take some time, therefore they took the unusual step of creating a patch to mitigate it. Question is, will the patch and registry value be rolled out as a security/critical update? The most vulnerable computers/users are those without an I.T. staff to automate the patch install and reghack. How many soho/home users would notice if their local applications could not access DLLs on WEBDAV or remote shares? Less than .001% I'd bet - but still too many?
Most any business with an infrastructure that can't deal with the DLL restriction would also have WSUS controlling patch rollout - so I say, make it the new default for everyone else. Carl From: Andrew S. Baker [mailto:[email protected]] Sent: Tuesday, August 24, 2010 9:41 AM To: NT System Admin Issues Subject: DLL hijacking vulnerabilities There is now an Microsoft-supplied workaround for the DLL vulnerability that was publicized below: http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_w orse_than_first_thought_says_expert See the following: DLL hijacking vulnerabilities https://isc.sans.edu/diary.html?storyid=9445 Insecure Library Loading Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/2269637.mspx More information about the DLL Preloading remote attack vector http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll- preloading-remote-attack-vector.aspx A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm http://support.microsoft.com/kb/2264107 ASB (My <http://XeeSM.com/AndrewBaker> XeeSM Profile) Exploiting Technology for Business Advantage... Signature powered by <http://www.wisestamp.com/email-install> WiseStamp ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
