You're welcome. I haven't yet seen that they plan to roll it our as a security update, but that is not outside the realm of possibilities. And I would like to see the default changed, if it is rolled out that way.
To me, the vulnerability is interesting, because it takes advantage of the failure of a specific application AND the default behavior of Windows as it pertains to that failure. Given that there are now hundreds of applications that are affected by this, and there is no way that they'll all be updated at the same time (or that they'll all be updated at all), I'm glad they've taken steps to mitigate it. I'm waiting to see how many Microsoft apps fall into this category, too. :) I agree with you that changing the default via a security/critical update would be most beneficial to a greater number of people -- many of whom cannot easily fend for themselves. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Tue, Aug 24, 2010 at 10:59 AM, Carl Houseman <[email protected]>wrote: > Thanks ASB. I'm guessing that MS expects the solution cycle for this > vuln will take some time, therefore they took the unusual step of creating a > patch to mitigate it. Question is, will the patch and registry value be > rolled out as a security/critical update? The most vulnerable > computers/users are those without an I.T. staff to automate the patch > install and reghack. How many soho/home users would notice if their local > applications could not access DLLs on WEBDAV or remote shares? Less than > .001% I'd bet – but still too many? > > > > Most any business with an infrastructure that can't deal with the DLL > restriction would also have WSUS controlling patch rollout – so I say, make > it the new default for everyone else. > > > > Carl > > > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Tuesday, August 24, 2010 9:41 AM > *To:* NT System Admin Issues > *Subject:* DLL hijacking vulnerabilities > > > > There is now an Microsoft-supplied workaround for the DLL vulnerability > that was publicized below: > > > http://www.computerworld.com/s/article/9180978/Zero_day_Windows_bug_problem_worse_than_first_thought_says_expert > > See the following: > > *DLL hijacking vulnerabilities* > > https://isc.sans.edu/diary.html?storyid=9445 > > *Insecure Library Loading Could Allow Remote Code Execution* > > http://www.microsoft.com/technet/security/advisory/2269637.mspx > > *More information about the DLL Preloading remote attack vector* > > > http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx > > *A new CWDIllegalInDllSearch registry entry is available to control the > DLL search path algorithm* > > http://support.microsoft.com/kb/2264107 > > *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > *Exploiting Technology for Business Advantage...* > Signature powered by WiseStamp <http://www.wisestamp.com/email-install> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
