From: Ivan Macalintal (RD-US)
Sent: Thursday, August 26, 2010 3:03:02 AM
To: Newsbank
Subject: [Newsbank] Windows Binary Planting DLL Preloading/Hijacking Bug
Auto forwarded by a Rule
Excerpt:
'....The big news that is turning the infosec world inside out this week is about a new DLL pre-loading/hijacking bug which affects more than 200 Windows applications including some produced by Microsoft itself.
The basis of this exploit is the way in which Windows works and how it loads DLL files used by many applications: if an application calls a DLL without specifying an absolute path, Windows will conduct a search for the DLL file in various set locations. This of course can be and is being abused.
The big problem with this is the fact that it can't really be patched by Microsoft; each vulnerable application vendor needs to issue an update to their applications to fix the way in which they deal with DLL files......'
To read the complete article see:
http://www.darknet.org.uk/2010/08/windows-binary-planting-dll-preloadinghijacking-bug/
And...
This is now being abused in the wild:
http://isc.sans.edu/diary.html?storyid=9445
Working exploits now include those for uTorrent, MS Office, Windows Mail, Adobe Photoshop, Firefox and even Wireshark.
Microsoft's recommendation at: http://www.microsoft.com/technet/security/advisory/2269637.mspx may not work (this is currently being looked into by one of our engineers and has already been brought to the attention of Microsoft), so in the meantime, just be sure to be very careful about files you open from network shares.
-- Ivan@FTR
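The search behaviour described in the excerpt, as an added example that is not part of the original message or the linked articles: a simplified Python model of how a bare DLL name is resolved, showing when the current directory (for instance a network share a document was opened from) wins the lookup. Assumptions: the Windows and 16-bit system directories are folded into one "system" entry, `safe_mode` stands for the SafeDllSearchMode setting, `cwd_removed` stands for an application having called `SetDllDirectory("")`, and all file and directory names are constructed.

```python
import os
import tempfile

def search_order(app_dir, system_dir, cwd, path_dirs, safe_mode=True, cwd_removed=False):
    """Return (role, directory) pairs in the order a bare DLL name is probed."""
    order = [("application", app_dir)]
    if not safe_mode and not cwd_removed:
        order.append(("current", cwd))      # legacy order: CWD right after the app dir
    order.append(("system", system_dir))
    if safe_mode and not cwd_removed:
        order.append(("current", cwd))      # safe mode: CWD only after the system dirs
    order.extend(("path", d) for d in path_dirs)
    return order

def resolve(dll_name, order):
    """Return the role of the first directory holding dll_name, or None."""
    for role, directory in order:
        if os.path.isfile(os.path.join(directory, dll_name)):
            return role
    return None

def demo():
    """Build a constructed layout on disk and resolve two DLL names in it."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {n: os.path.join(root, n) for n in ("app", "system", "share")}
        for d in dirs.values():
            os.mkdir(d)
        # Constructed files: 'common.dll' exists in the system dir and on the share;
        # 'optional.dll' exists only on the share the document was opened from.
        for d, name in (("system", "common.dll"), ("share", "common.dll"),
                        ("share", "optional.dll")):
            open(os.path.join(dirs[d], name), "wb").close()
        layout = dict(app_dir=dirs["app"], system_dir=dirs["system"],
                      cwd=dirs["share"], path_dirs=[])
        return {
            "common/safe": resolve("common.dll", search_order(**layout)),
            "common/legacy": resolve("common.dll", search_order(**layout, safe_mode=False)),
            "optional/safe": resolve("optional.dll", search_order(**layout)),
            "optional/no-cwd": resolve("optional.dll", search_order(**layout, cwd_removed=True)),
        }

if __name__ == "__main__":
    for case, role in demo().items():
        print(f"{case:16} -> {role or 'not found'}")
```

The "optional/safe" case is the one that matters for review: a library that is absent from the application and system directories falls through to the current directory even with the safer ordering, which is why the fix sits with each application's loading code.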