Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows DLL Vulnerability Exploit In the Wild

Posted by Soulskill on from the is-it-tuesday-again-already dept.

WrongSizeGlass writes "Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool that records which applications are vulnerable. 'Once it makes it into Metasploit, it doesn't take much more to execute an attack,' said Andrew Storms, director of security operations for nCircle Security. 'The hard part has already been done for [hackers].'"

2 of 178 comments (clear)

  1. Huh? by FranTaylor · · Score: 3, Interesting

    "but considering how much pain in the ass it is on Linux too, it wouldn't really work for all the casual people."

    I have Fedora 12 on my desktop with SELinux enabled. I didn't have to do ANYTHING AT ALL. I haven't seen an un-intentional alert in months. I was worried so I set one off myself just to make sure SELinux is still working, and yes it caught it.

  2. Re:Application developers fault by mdwh2 · · Score: 5, Interesting

    I agree - it's unclear to me what the "fault" of the developer is here, and which applications are at fault. I thought that loading a DLL by name without a specific path was standard practice? And how does it work with linking - in my experience, all applications I've written and used can either use a DLL in the standard path, or be overridden by a local DLL, so surely that's standard practice too? And wouldn't this affect almost every Windows program that uses DLL?

    But then, I'm not sure that this is a bad system anyway. Well, if it's possible to include a DLL loaded off a web page as being the standard path, that seems a gaping hole. However, if this flaw requires an attacker to already install a dodgy DLL in the user's path on their system, surely that would already be the security flaw? I mean, it's a bit like saying "It's a flaw that people can run exes by double clicking, there could be malicious code" - the flaw isn't in running exes, the flaw is how they got there in the first place.

    What is the proposed fix for applications that link to DLLs? And how do other operating systems work - again, I thought that having a path system allowing multiple possible locations for shared libraries wasn't uncommon?