True this is an old issue but it finally is getting attention because there are literally hundreds of exploit websites up and running right now where depending on your system and application configuration if one of your employees ends up on one of these sites they will be compromised and it does not matter if your Windows Update is up to date. So yes, not new, but an extremely big deal. -Marc
Signed, Marc Maiffret Co-Founder/CTO eEye Digital Security Web: http://www.eeye.com Blog: http://blog.eeye.com Twitter: http://www.twitter.com/marcmaiffret -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, August 24, 2010 8:59 AM To: NT System Admin Issues Subject: Re: DLL hijacking vulnerabilities On Tue, Aug 24, 2010 at 9:40 AM, Andrew S. Baker <[email protected]> wrote: > There is now an Microsoft-supplied workaround for the DLL > vulnerability that was publicized below: I don't understand all the hoopla about this vulnerability. People have been complaining that the search path behavior in Microsoft systems is insecure for literally decades. People had this criticism for *MS-DOS*. Why is it suddenly getting attention? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
