We are aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.
This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location.
This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected.
In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems.
Mitigating Factors
· This issue only affects applications that do not load external libraries securely. Microsoft has previously published guidelines for developers in the MSDN article, Dynamic-Link Library Security, that recommend alternate methods to load libraries that are safe against these attacks.
· For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.
· The file sharing protocol SMB is often disabled on the perimeter firewall. This limits the possible attack vectors for this vulnerability.
Affected Software
Microsoft is investigating whether any of its own applications are affected by insecure library loading vulnerabilities and will take appropriate action to protect its customers.
http://www.talktoht.com/
I am frm Punjab.I am a Microsoft Certified IT Professional. MY Skills:IT Security,Client/Domain,Cloud,VPN,AD,DNS,DHCP,Relay Agent,Access Point And Networking(LAN/WAN/WLAN/WWAN/Wi-MAX)TCP/IP,Virtualization Computing and diskless networking.
Subscribe To http://gurbindersh.blogspot.com
Posts
Comments
SHAREPOINT
Spotlight on share server 2010
No comments:
Post a Comment