And what breakage do you anticipate? (One or two examples would be more than sufficient)
How would you prefer to see the mitigation work, given the nature of the problem? *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Tue, Aug 24, 2010 at 10:58 AM, HELP_PC <[email protected]> wrote: > Without breaking anything? Not so evident to me > > *GuidoElia* > *HELPPC* > > > ------------------------------ > *Da:* Andrew S. Baker [mailto:[email protected]] > *Inviato:* martedì 24 agosto 2010 16.27 > > *A:* NT System Admin Issues > *Oggetto:* Re: DLL hijacking vulnerabilities > > Yes, there is. If you understand the nature of the vulnerability, that > is. > > Because of the way the search path works you can hijack a missing DLL for > any application. Now, you have a way to prevent that from being exploited > remotely. > > > > *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > *Exploiting Technology for Business Advantage...* > * * > Signature powered by WiseStamp <http://www.wisestamp.com/email-install> > > > On Tue, Aug 24, 2010 at 10:00 AM, HELP_PC <[email protected]> wrote: > >> You mean there isn't. >> And workarounds on KB 2269637 are really idiot >> >> *GuidoElia* >> *HELPPC* >> >> >> ------------------------------ >> *Da:* Andrew S. Baker [mailto:[email protected]] >> *Inviato:* martedì 24 agosto 2010 15.41 >> *A:* NT System Admin Issues >> *Oggetto:* DLL hijacking vulnerabilities >> >> There is now an Microsoft-supplied workaround for the DLL >> vulnerability that was publicized below: >> >> >> http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_worse_than_first_thought_says_expert >> >> >> >> See the following: >> >> >> >> *DLL hijacking vulnerabilities* >> >> https://isc.sans.edu/diary.html?storyid=9445 >> >> >> >> *Insecure Library Loading Could Allow Remote Code Execution* >> >> http://www.microsoft.com/technet/security/advisory/2269637.mspx >> >> >> >> *More information about the DLL Preloading remote attack vector* >> >> >> http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx >> >> >> >> *A new CWDIllegalInDllSearch registry entry is available to control the >> DLL search path algorithm* >> >> http://support.microsoft.com/kb/2264107 >> >> >> >> >> *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> >> *Exploiting Technology for Business Advantage...* >> * * >> >> Signature powered by WiseStamp <http://www.wisestamp.com/email-install> >> >> >> >> >> >> >> >> >> >> > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
