Microsoft Publishes ‘Fix-It’ Solution To Address DLL Flaw
On August 31, 2010, software giant Microsoft issued a 'Fix-it' solution for Web admins to take care of installation problems pertaining to DLL (dynamic-link library) files, an issue that is understandably affecting several applications. The company had released an automated program designed to help users easily stop attacks that abuse flaws in Windows software.
The problem apparently affects numerous applications that may not specify a full path to the DLL files they load while using a remote server. Consequently, these poorly designed applications may be vulnerable to "binary planting" or "DLL preloading" attacks, a technique used for hacking.
The attack works when its perpetrator simply places a malicious DLL, carrying a name the application looks for, on a network share. The DLL can also be served from a share on the Internet, provided the firewalls let HTTP traffic pass.
Microsoft has declined to name its flawed applications. However, external researchers have identified several high-profile Microsoft applications that could potentially be targeted. These include Windows Live Mail, Address Book and Windows Contact, PowerPoint 2010 and 2007, and Word 2007.
Jerry Bryant, group manager for Microsoft Security Response Center Communications, stated that consumers needed to know that the automated program could only be used to safeguard against dynamic-link library preloading. It did not safeguard against executable files that did not use a fully valid path to load files. Therefore, developers must update those applications from time to time, Bryant explained. EWeek.com published this on August 31, 2010.
A patch is still awaited, and Microsoft has not committed to one either. The problem is partly that software coders do not have effective security patches. Hence, the security team at Microsoft is not saying how serious the flaw is.
Meanwhile, IT experts have complained that the automated program is confusing, and Microsoft has acknowledged users' calls for help.
It has therefore published a 'Fix-it' program on a support website that automatically stops DLLs from being loaded from Server Message Block (SMB) or WebDAV shares, two commonly used attack vectors. Even then, users are advised to download and deploy the original program.
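The effect of blocking SMB and WebDAV shares on where Windows looks for an unqualified DLL name, as an added example that is not from the article or from Microsoft: a simplified Python model of the documented DLL search order and of the CWDIllegalInDllSearch registry setting from Microsoft's guidance (the article does not name it), where value 2 corresponds to the share blocking described above. The path heuristic, sample paths and function names are assumptions.

```python
# Added example: simplified model for reasoning about exposure, not Microsoft's code.
from enum import Enum

class Cwd(Enum):
    LOCAL = "local"
    UNC = "unc"        # SMB share
    WEBDAV = "webdav"

# CWDIllegalInDllSearch values as documented by Microsoft for an
# application started from a local folder.
DEFAULT, BLOCK_WEBDAV, BLOCK_REMOTE, REMOVE_CWD = 0, 1, 2, 0xFFFFFFFF

def classify_cwd(path):
    """Heuristic (assumption): UNC paths are remote; 'server@port' or
    DavWWWRoot marks the WebDAV redirector. Mapped drive letters cannot
    be told apart from local disks by string alone and count as LOCAL."""
    if not path.startswith("\\\\"):
        return Cwd.LOCAL
    host = path[2:].split("\\", 1)[0]
    if "@" in host or "\\davwwwroot" in path.lower():
        return Cwd.WEBDAV
    return Cwd.UNC

def cwd_allowed(kind, setting):
    """True if the current working directory stays in the search path."""
    if setting == REMOVE_CWD:
        return False
    if setting == BLOCK_REMOTE:
        return kind is Cwd.LOCAL
    if setting == BLOCK_WEBDAV:
        return kind is not Cwd.WEBDAV
    return True

def search_order(app_dir, cwd, path_dirs, setting=DEFAULT):
    """Directories probed for an unqualified DLL name, in order
    (SafeDllSearchMode on; 16-bit system directory omitted)."""
    order = [app_dir, r"C:\Windows\System32", r"C:\Windows"]
    if cwd_allowed(classify_cwd(cwd), setting):
        order.append(cwd)
    return order + list(path_dirs)

def remote_probes(order):
    """Search locations that live on a network share."""
    return [d for d in order if classify_cwd(d) is not Cwd.LOCAL]

if __name__ == "__main__":
    app = r"C:\Program Files\Viewer"   # constructed sample values
    for cwd in (r"\\fileserver\docs", r"\\files.example@80\DavWWWRoot\docs"):
        for s in (DEFAULT, BLOCK_WEBDAV, BLOCK_REMOTE):
            print(cwd, s, remote_probes(search_order(app, cwd, [r"C:\Tools"], s)))
```

An empty result from remote_probes means no share is consulted for that combination; an application that passes a full path to its DLLs never reaches this search at all.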
» SPAMfighter News - 09-09-2010