Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code showed up to exploit the company’s software. A security firm that’s been researching the issue for the past nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking. Many Windows applications don’t call code libraries (each one a “dynamic-link library,” or “DLL”) using the full path name, but instead use only the file name, giving hackers wiggle room that they can exploit by tricking an application into loading a malicious file with the same name as a required DLL.
If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive — and in some cases con them into opening a file — they can hijack a PC and plant malware on it.
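To see which name-only loads are exposed, the following added example (not code from Microsoft or the security firm) models the documented Windows DLL search order and reports every load that would be satisfied from the current directory. The directory layout, the file names and the `audit` helper are constructed for illustration; the `share` folder stands in for the remote share or USB drive a document was opened from.

```python
import os
import tempfile

def search_order(app_dir, system_dirs, cwd, path_dirs=(), safe_mode=True):
    """Directories Windows searches, in order, for a DLL requested by bare file name."""
    if safe_mode:  # SafeDllSearchMode on: current directory comes after the system directories
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]

def resolve(name, dirs):
    """Return (directory, path) of the first case-insensitive match, or None."""
    for d in dirs:
        if os.path.isdir(d):
            for entry in sorted(os.listdir(d)):
                if entry.lower() == name.lower():
                    return d, os.path.join(d, entry)
    return None

def audit(loads, app_dir, system_dirs, cwd, path_dirs=(), safe_mode=True):
    """Return the loads that would be satisfied from the current directory."""
    dirs = search_order(app_dir, system_dirs, cwd, path_dirs, safe_mode)
    findings = []
    for name in loads:
        if os.path.isabs(name):  # full path given: no directory search takes place
            continue
        hit = resolve(name, dirs)
        if hit and hit[0] == cwd:
            findings.append((name, hit[1]))
    return findings

def demo(safe_mode=True):
    """Constructed layout: 'share' stands in for the folder a document was opened from."""
    with tempfile.TemporaryDirectory() as root:
        app, system, share = (os.path.join(root, d) for d in ("app", "system32", "share"))
        layout = {app: ["app.exe"], system: ["sysutil.dll"],
                  share: ["slides.pptx", "Plugin.DLL", "sysutil.dll"]}
        for folder, files in layout.items():
            os.makedirs(folder)
            for f in files:
                open(os.path.join(folder, f), "w").close()  # empty placeholder files
        loads = ["plugin.dll", "sysutil.dll", os.path.join(system, "sysutil.dll")]
        return [name for name, _ in audit(loads, app, [system], share, safe_mode=safe_mode)]

if __name__ == "__main__":
    print("SafeDllSearchMode on :", demo(True))
    print("SafeDllSearchMode off:", demo(False))
```

A DLL that exists in no earlier directory is picked up from the current directory even with the safe search mode on, which is why loading by full path, or removing the current directory from the search with `SetDllDirectory("")`, is the application-side fix.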
At least four exploits of what some call “binary planting” attacks — and what others dub “DLL load hijacking” attacks — had been published to a well-known hacker site. Two of the exploits targeted Microsoft-made software, including PowerPoint 2010, the presentation application in Office 2010, and Windows Live Mail, a free e-mail client bundled with Vista but available as a free download for Windows 7 customers.
Other exploits aimed at leveraging DLL load hijacking bugs in uTorrent, a BitTorrent client, and Wireshark, a network protocol analyzer. Wireshark’s lead developer, Gerald Combs, said that a fix for the DLL load hijacking bug would be released soon, if not already. Microsoft and BitTorrent, the firm responsible for uTorrent, did not reply to requests for comment about their patching plans.
If you are having Internet redirect problems, it might be because of Windows DLL load hijacking exploits. Give us a call; we can help correct the problem.