Microsoft Releases 'Fix it' Help for DLL Security Flaw

Microsoft updated its security advisory this week concerning a dynamic link library (DLL) issue and published a "Fix it" solution to help address the problem.

The issue potentially involves hundreds of applications that may fail to specify a direct path to DLL files when accessing a remote server. These poorly written applications could be subject to a hacking method called "DLL preloading attacks" or "binary planting," Microsoft explained last week. In essence, applications that reference DLL files without a specified path could pick up a planted malware files instead.

The new Fix it solution, which is buried in a Knowledge Base support article linked to the revised security advisory, is designed to simplify matters for IT pros. It's supposed to be a one-click solution to the DLL security issue. However, Microsoft added some caveats before using the Fix it solution. IT pros should first download and install update 2264107 (the workaround), which is available in a series of links below the Fix it description in the Knowledge Base article.

The next step is to configure the workaround by clicking the Fix it button. Alternatively, users can manually configure the workaround through the Windows registry. Either way, this fix will "block nonsecure DLL loads from WebDAV and SMB locations," according to the article.

The DLL problem is either associated with remote servers using WebDAV (or "Web-based Distributed Authoring and Versioning"), which is used with Internet Information Services component in Windows, or with remote servers using the Server Message Block (SMB) protocol.

Spokesperson Jerry Bryant for the Microsoft Security Response Center noted that the Fix it solution just configures the workaround tool.

"This tool provides a framework for customers to modify the behavior of the DLL search path algorithm and essentially block[s] unsafe DLL loading," Bryant explained in a blog post. "When installed, this tool [the workaround] still needs to be configured in order to block malicious behavior, and customers have asked us for our recommended setting. As a result, our Security Research & Defense team has written a detailed blog post on this topic and has worked with our Microsoft Fix-it team to develop a Fix-it to enable our recommended setting which blocks most network-based attack vectors. (Please note that the [workaround] tool needs to be installed prior to enabling the Fix-it.)"

Microsoft hasn't issued a patch yet and isn't saying that it will. The problem originates, in part, due to the poor security practices of software coders. Consequently, Microsoft's security team has not described the severity of the exploit. However, Bryant wrote that the DLL vulnerability is "important" for IT pros to address. Those users subject to this DLL security problem have to "click through a series of warnings and dialogs to open a malicious file," he explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • robot typing on a computer

    Microsoft Announces 'Computer Use' Automation in Copilot Studio

    Microsoft has introduced a new AI-powered feature called "computer use" for its Copilot Studio platform that allows agents to directly interact with Web sites and desktop applications using simulated mouse clicks, menu selections and text inputs.

  • young woman using a smartphone, with digital AI and chat icons overlaid in a blurred academic setting

    Duolingo Embraces AI in Push for Scalable Learning

    Learning platform Duolingo has officially declared itself "AI-first," aiming to make learning replicable, scalable, and always available.

  • abstract pattern of cybersecurity, ai and cloud imagery

    OpenAI Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • laptop and fish hook

    Security Firm Identifies Generative AI 'Vishing' Attack

    A new report from Ontinue's Cyber Defense Center has identified a complex, multi-stage cyber attack that leveraged social engineering, remote access tools, and signed binaries to infiltrate and persist within a target network.