Avoiding DLL Hijacks
Posted on August 28th, 2010 at 07:57
I’ve come up with two common-sense ideas for avoiding DLL Hijack attacks.
Nothing high-tech or fancy. No Registry changes that may break other apps. Just two simple tricks that will break every DLL Hijack exploit that I’ve seen to date.
This is important because the number of reported DLL Hijack-able applications is hovering around 100, and it’ll go higher. If you run any of those apps – Word 2007 and PowerPoint 2007 and 2010 are among them – you’re susceptible to having your machine taken over by simply opening a file. Microsoft isn’t going to fix Windows to block the attacks – they can’t; the hole arises from a feature that’s part and parcel of the way Windows has worked from the beginning. The only way things will get better is when application manufacturers clean up their code. (And, yes, Microsoft is one of the companies with apps that exhibit exploitable behavior.)
If you didn’t catch my original explanation of the DLL Hijack technique, start with my InfoWorld Tech Watch article on the basics. Then, to see how to protect yourself in two easy steps, see my Tech Watch article How to thwart the new DLL hijacks.
6 responses to “Avoiding DLL Hijacks”
Randall August 29th, 2010 at 01:41
Woody,
Great tips that everyone can easily do! Thanks for posting this.
Your article also mentions that corporates have their firewall set to avoid most WebDAV and SMB problems. I’m not clear whether home users are likely to run into WebDAV and SMB.
Should we be using the non-registry changes suggested by Microsoft (to disable the WebClient service and block ports 139 and 445)?
Or is this WebDAV and SMB stuff unlikely to apply to a home user?
Thanks again for your good advice.
Randall
@Randall
Most home users and small business users won’t run into WebDAV or SMB.
rc primak August 29th, 2010 at 12:40
I sometimes download Zipped Folders for running non-installed applications on my computers. Does the mere act of Extracting All from a Zipped Folder risk running a rogue DLL? Or can I Extract All, then identify the pest and zap it before it can do any harm?
Of course, if I EVER find an infected file in a Zipped archive being offered as a non-installed Application, I would be inclined to stop doing business with the offending web site or author.
@RC
Unzipping won’t do it, except in a weird way. I see that IZARC is listed as a program susceptible to DLL Hijacking, with the automatically called program ztv7z.dll. (See http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ )
This gets complicated, but if you have IZARC set up as your default ZIP handler, and you have a ZIP file sitting in the same folder as a jiggered ztv7z.dll file, when you double-click on the ZIP file, your machine runs the bogus ztv7z.dll program.
So in that (rare) instance, yes, unzipping a file can run a bad program.
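As an added example that is not part of the post or its comments, the Python below models the default Windows DLL search order behind the IZARC scenario above (the 16-bit system directory is omitted for brevity) using a constructed temporary directory layout, and shows what changes when the application itself drops the current directory from the search, which is what a vendor fix such as calling SetDllDirectory("") or loading by fully qualified path achieves.

```python
"""Model of the Windows DLL search order behind the ZIP-plus-ztv7z.dll case.
Added example; the directory layout below is constructed, not a real system."""
from pathlib import Path
import tempfile

def default_search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Default order (SafeDllSearchMode on) for a DLL loaded by bare name:
    application directory, system directory, Windows directory, then the
    current working directory, then each PATH entry."""
    return [Path(app_dir), Path(system_dir), Path(windows_dir), Path(cwd),
            *(Path(p) for p in path_dirs)]

def resolve_dll(name, search_dirs):
    """Return the first directory in search order holding `name`, or None."""
    for d in search_dirs:
        if (d / name).is_file():
            return d
    return None

def loads_from_cwd(name, app_dir, system_dir, windows_dir, cwd, path_dirs,
                   cwd_blocked=False):
    """True when a bare-name load of `name` would be satisfied from `cwd`,
    i.e. the folder of the document the user double-clicked.  `cwd_blocked`
    models an application that removed the current directory from its search
    path (SetDllDirectory("")) or loads the DLL by fully qualified path."""
    order = default_search_order(app_dir, system_dir, windows_dir, cwd, path_dirs)
    if cwd_blocked:
        order = [d for d in order if d != Path(cwd)]
    return resolve_dll(name, order) == Path(cwd)

def demo():
    """Constructed layout: the archiver's own folder ships no ztv7z.dll and
    neither do the system folders, so a copy sitting next to the archive in
    the user's Downloads folder is the first match in the default order."""
    with tempfile.TemporaryDirectory() as root:
        app, sys32, win, docs = (Path(root, n) for n in
                                 ("IZArc", "System32", "Windows", "Downloads"))
        for d in (app, sys32, win, docs):
            d.mkdir()
        (docs / "archive.zip").write_bytes(b"PK")   # the file the user opens
        (docs / "ztv7z.dll").write_bytes(b"MZ")     # the co-located DLL
        args = ("ztv7z.dll", app, sys32, win, docs, [])
        # (default order, order with the current directory removed)
        return loads_from_cwd(*args), loads_from_cwd(*args, cwd_blocked=True)

if __name__ == "__main__":
    print(demo())
```

With the default order the co-located DLL wins; once the application stops searching the current directory the same layout resolves nothing from the document's folder.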
rc primak August 30th, 2010 at 23:31
I find on the list (which is hardly complete) most troubling the listing for NVidia Drivers. That could lead to a hardware or firmware infection. Very troubling.
Also, Avast is probably not the only security product which has a vulnerability, but I don’t like seeing it there either.
Notably, VLC Player has recently been patched to eliminate this vulnerability. Good on VideoLAN for that one!
Microsoft has released the KB2264107 patches that may deal with the DLL Hijacking problem:
http://support.microsoft.com/kb/2264107
The 2264107 updates will be published at the Windows Update site on Tuesday Sept. 28.