Microsoft Releases 'Fix It' for DLL Hole
The company moves to help thwart attacks that can seize control of users' systems by taking advantage of shoddy programming practices.
After revealing that hundreds of Windows applications may be at risk of attack from malicious hackers using rogue dynamic link libraries (DLLs), Microsoft has released a "Fix It" solution meant to ameliorate the problem.
Fix Its are automated tools from Microsoft (NASDAQ: MSFT) that tweak settings or repair problems -- sometimes security flaws -- that users encounter. Microsoft debuted the Fix It Button technology last year, enabling users to choose to automatically install a bug fix by clicking on a button instead of manually installing it themselves.
However, the latest Fix It -- in combination with a separate tool that Microsoft provided last month -- serves merely to block most of the newly emerged DLL attacks: It does not address the underlying problem, which, according to Microsoft, actually has to do with poor programming practices.
"As we stated in our previous blog post, DLL preloading is a well-known class of vulnerabilities and we have had guidance for developers in place for quite some time," Jerry Bryant, group manager of response communications for the Microsoft Security Response Center (MSRC), said in a post to the group's blog Tuesday afternoon.
The DLL security vulnerability first grabbed headlines in August when a Slovenian security research firm pointed out that, under some circumstances, a malicious hacker could deploy a booby-trapped DLL file into a directory where Windows will load it, potentially granting the attacker control over the system. But it later surfaced that a U.S. security researcher had warned Microsoft about the DLL issue almost a year before, and had even published an academic paper on the threat last month.
According to the research paper, the threat affected more than just Microsoft applications, with many popular third-party programs potentially at risk.
However, Microsoft has not named any products of its own or from other vendors that might be vulnerable.
Meanwhile, Bryant pointed out that although potentially hundreds of programs could be affected, a user typically has to knowingly bypass a warning screen to fall victim to an attack.
"I want to be clear that Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers ... primarily in the form of security updates or defense-in-depth updates. Also, due to the fact that customers need to click through a series of warnings and dialogs to open a malicious file, we rate most of these vulnerabilities as 'important,'" Bryant said, referring to the second most severe threat level on Microsoft's four-tier security ranking scale. In comparison, the highest threat level, "critical," is applied to threats that often require no user interaction at all to be successful.
Microsoft's current solution requires that system administrators also download the company's patching tool, which installs a new Windows registry entry. The company provides a description of how to use the tool and the Fix It together, as well as links to them, in a knowledge base article.