top-adds5
top-adds4
top-adds3
top-adds2
top-adds
«
»

Microsoft issues tool to block code execution bug


The flaw can be exploited by adding a malicious DLL to a media archive

Warns that many third-party apps could be vulnerable

Microsoft has issued a security advisory about a flaw that could affect a huge number of third-party Windows applications.

The flaw, which was discovered by Acros Security, is called a “binary planting” bug and can be exploited as applications load dynamic link libraries (DLL). Acros discovered the flaw last year and was surprised at the extent of the problem.

“We first developed a tool for detecting these bugs and then, time permitting, subjected about 220 widely-used applications to the powers of our tool,” said the company in a blog posting.

“[We were] initially expecting only a few bugs here and there, [so] we were surprised to find about 90 per cent of the applications vulnerable. And when I say ‘vulnerable’, I mean vulnerable to remote execution in a real-world scenario, without having any privileges on the user’s computer.”

The flaw can be exploited by adding a malicious DLL to a media archive. If an application searches through directories for the DLL the malware can be activated.

Microsoft has now released a tool that can stop individual applications from searching for such DLL files in an insecure manner, and has issued advice on faulty code identification and firewall settings to mitigate expected attacks.

Microsoft’s Security Research and Defense team has also issued advice on how to deal with the issue and is investigating the extent of the problem. Third-party developers are also being asked to check their code.

“Loading dynamic libraries is basic behaviour for Windows and other operating systems, and the design of some applications requires the ability to load libraries from the current working directory,” said the team in a blog.

“Hence, this issue cannot directly be addressed in Windows without breaking expected functionality. Instead, it requires developers to ensure they code secure library loads.”

The case is one of the first to use Microsoft’s controlled vulnerability disclosure (CVD) procedures, where flaw details are released before a patch is available.

Christopher Budd, senior security response communications manager at Microsoft, told V3.co.uk that a patch would be coming soon.

Source: http://www.computing.co.uk/v3/news/2268602/microsoft-issues-tool-block#ixzz0xY7LQ4O5

Leave a Reply

You must be logged in to post a comment.

«
»
Translate
EnglishFrenchGermanItalianJapanesePortugueseRussianSpanishThai
Business Headsets, Shop Now, Wireless Headsets, Headphones, Telephone Headsets, Business Cordless Headsets
Copyright 2011 © Garry Sholl (GAICD). All Rights Reserved
Terms & Conditions | Privacy Policy | Sitemap