And in any case, reading their recommendation, it MUST be a temporary workaround.
It is unbelievable that it should be considered a patch:

This update helps protect against DLL preloading vulnerabilities in software 
applications on the Windows platform. It implements new functionality which 
allows the administrator to more closely control how applications load external 
libraries. We recommend that administrators test this update thoroughly before 
you deploy to a production environment. For more information about the changes 
this update implements and how to configure it appropriately, please review the 
KB article associated with this download. After you install this item, you may 
have to restart your computer.
 


GuidoElia
HELPPC

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Wednesday, August 25, 2010 7:01
To: NT System Admin Issues
Subject: Re: DLL hijacking vulnerabilities more question

On Tue, Aug 24, 2010 at 6:40 PM, Carl Houseman <[email protected]> wrote:
> As regards SafeDLLSearchMode, it does not guarantee mitigation, 
> because an application can try to load a .dll that isn't in any of the 
> locations before reaching the CWD.   I would imagine there are plenty 
> of applications that might attempt to load a user-provided .dll containing 
> custom code.

  From experience looking for other problems with ProcMon, I can say that many 
processes try to load all sorts of DLLs which aren't there. Presumably features 
they support but do not depend on.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
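
As an added example (not part of the original thread): a small Python model of the documented Windows search order for a bare DLL name, showing the point made above that with SafeDllSearchMode on, a DLL missing from the application and system directories is still looked for in the CWD. The directory labels, file inventory and DLL names are constructed; KnownDLLs and manifest redirection are not modeled.

```python
# Added illustration: model of the documented Windows DLL search order.
# Directory labels and the file inventory below are constructed sample data.
APP, SYS32, SYS16, WIN, CWD = "app_dir", "system32", "system", "windows", "cwd"

def search_order(safe_mode, path_dirs=()):
    """Return the directories searched, in order, for a bare DLL name."""
    if safe_mode:  # SafeDllSearchMode on: CWD moves behind the system dirs
        return [APP, SYS32, SYS16, WIN, CWD] + list(path_dirs)
    return [APP, CWD, SYS32, SYS16, WIN] + list(path_dirs)

def resolve(dll, present, safe_mode=True, path_dirs=()):
    """Return the first directory that contains dll, or None if not found."""
    for d in search_order(safe_mode, path_dirs):
        if dll.lower() in present.get(d, set()):
            return d
    return None

def loads_reaching_cwd(dlls, trusted, safe_mode=True, path_dirs=()):
    """DLL names that no trusted directory ahead of the CWD satisfies.

    For these names, whatever file of that name sits in the CWD is loaded.
    """
    order = search_order(safe_mode, path_dirs)
    before_cwd = order[:order.index(CWD)]
    return [n for n in dlls
            if not any(n.lower() in trusted.get(d, set()) for d in before_cwd)]

# Constructed inventory of the trusted locations on a sample machine.
TRUSTED = {
    APP: {"app.dll"},
    SYS32: {"kernel32.dll", "version.dll"},
    WIN: set(),
}
# Constructed list of DLL names a process asks for; "optplugin.dll" stands
# for an optional feature DLL that is not installed anywhere.
REQUESTED = ["kernel32.dll", "version.dll", "optplugin.dll"]

if __name__ == "__main__":
    for mode in (True, False):
        print("SafeDllSearchMode =", mode,
              "->", loads_reaching_cwd(REQUESTED, TRUSTED, safe_mode=mode))
```

Feeding it the "not found" DLL names from a ProcMon capture, plus an inventory of the application and system directories, gives the list of loads that depend on what is in the working directory.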
