Microsoft Releases 'Fix it' Help for DLL Security Flaw

Microsoft updated its security advisory this week concerning a dynamic link library (DLL) issue and published a "Fix it" solution to help address the problem.

The issue potentially involves hundreds of applications that may fail to specify a direct path to DLL files when accessing a remote server. These poorly written applications could be subject to a hacking method called "DLL preloading attacks" or "binary planting," Microsoft explained last week. In essence, applications that reference DLL files without a specified path could pick up a planted malware files instead.

The new Fix it solution, which is buried in a Knowledge Base support article linked to the revised security advisory, is designed to simplify matters for IT pros. It's supposed to be a one-click solution to the DLL security issue. However, Microsoft added some caveats before using the Fix it solution. IT pros should first download and install update 2264107 (the workaround), which is available in a series of links below the Fix it description in the Knowledge Base article.

The next step is to configure the workaround by clicking the Fix it button. Alternatively, users can manually configure the workaround through the Windows registry. Either way, this fix will "block nonsecure DLL loads from WebDAV and SMB locations," according to the article.

The DLL problem is either associated with remote servers using WebDAV (or "Web-based Distributed Authoring and Versioning"), which is used with Internet Information Services component in Windows, or with remote servers using the Server Message Block (SMB) protocol.

Spokesperson Jerry Bryant for the Microsoft Security Response Center noted that the Fix it solution just configures the workaround tool.

"This tool provides a framework for customers to modify the behavior of the DLL search path algorithm and essentially block[s] unsafe DLL loading," Bryant explained in a blog post. "When installed, this tool [the workaround] still needs to be configured in order to block malicious behavior, and customers have asked us for our recommended setting. As a result, our Security Research & Defense team has written a detailed blog post on this topic and has worked with our Microsoft Fix-it team to develop a Fix-it to enable our recommended setting which blocks most network-based attack vectors. (Please note that the [workaround] tool needs to be installed prior to enabling the Fix-it.)"

Microsoft hasn't issued a patch yet and isn't saying that it will. The problem originates, in part, due to the poor security practices of software coders. Consequently, Microsoft's security team has not described the severity of the exploit. However, Bryant wrote that the DLL vulnerability is "important" for IT pros to address. Those users subject to this DLL security problem have to "click through a series of warnings and dialogs to open a malicious file," he explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • glowing AI brain composed of geometric lines and nodes, encased within a protective shield of circuit patterns

    NIST's U.S. AI Safety Institute Announces Research Collaboration with Anthropic and OpenAI

    The U.S. AI Safety Institute, part of the National Institute of Standards and Technology (NIST), has formalized agreements with AI companies Anthropic and OpenAI to collaborate on AI safety research, testing, and evaluation.

  • a glowing gaming controller, a digital tree structure, and an open book

    Report: Use of Game Engines Expands Beyond Gaming

    Game development technology is increasingly being utilized beyond its traditional gaming roots, according to the recently released annual "State of Game Development" report from development and DevOps solutions provider Perforce Software.

  • translucent lock composed of interconnected nodes and circuits at the center

    Cloud Security Alliance: Best Practices for Securing AI Systems

    The Cloud Security Alliance (CSA), a not-for-profit organization whose mission statement is defining and raising awareness of best practices to help ensure a secure cloud computing environment, has released a new report offering guidance on securing systems that leverage large language models (LLMs) to address business challenges.