Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Microsoft issues tool to block code execution bug

nsane.forums

By nsane.forums
in Security & Privacy News

Recommended Posts

nsane.forums

nsane.forums

Posted
Posted

Warns of code execution flaw in third party apps

Microsoft has issued a security advisory about a flaw that could affect a huge number of third party Windows applications.

The flaw, which was discovered by Acros Security, are called a binary planting bug and can be exploited as applications load dynamic link libraries (DLL). Arcos discovered the flaw last year and were surprised at the extent of the problem.

We first developed a tool for detecting these bugs and then, time permitting, subjected about 220 widely-used applications to the powers of our tool, said the company is a blog posting.

[We were] initially expecting only a few bugs here and there, we were surprised to find about 90 per cent of the applications vulnerable. And when I say " vulnerable", I mean vulnerable to remote execution in a real-world scenario, without having any privileges on the user's computer.

The flaw can be exploited by adding a malicious DLL to a media archive. If an applications searches through directories for the DLL the malware can be activated.

Microsoft has now released a tool that can stop individual applications for searching for such DDL files in an insecure manner and has issued advice on faulty code identification and firewall settings to mitigate expected attacks.

Microsoft's Security Research and Defense (MSRC) team have also issued advice on how the deal with the issue and are investigating the extent of the problem. Third party developers are also being asked to check their code.

Loading dynamic libraries is basic behavior for Windows and other operating systems, and the design of some applications require the ability to load libraries from the current working directory, said the team in a blog.

Hence, this issue cannot directly be addressed in Windows without breaking expected functionality. Instead, it requires developers to ensure they code secure library loads.

The case is one of the first cases of Microsoft's controlled vulnerability disclosure (CVD) procedures, where flaw details are released before a patch is available.

Christopher Budd, senior security response communications manager at Microsoft told V3.co.uk that a patch would be coming soon.

view.gif View: Original Article

Link to comment
Share on other sites
  • Views 889
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...