Woody Leonhard’s no-bull news, tips and help for Windows and Office
  • Avoiding DLL Hijacks

    Posted on August 28th, 2010 at 07:57 woody 5 comments

    I’ve come up with two common-sense ideas for avoiding DLL Hijack attacks.

    Nothing high-tech or fancy. No Registry changes that may break other apps. Just two simple tricks that will break every DLL Hijack exploit that I’ve seen to date.

    This is important because the number of reported DLL Hijack-able applications is hovering around 100, and it’ll go higher. If you run any of those apps – Word 2007 and PowerPoint 2007 and 2010 are among them – you’re susceptible to having your machine taken over by simply opening a file. Microsoft isn’t going to fix Windows to block the attacks – they can’t; the hole arises from a feature that’s part and parcel of the way Windows has worked from the beginning. The only way things will get better is when application manufacturers clean up their code. (And, yes, Microsoft is one of the companies with apps that exhibit exploitable behavior.)

    If you didn’t catch my original explanation of the DLL Hijack technique, start with my Infoworld Tech Watch article on the basics. Then to see how to protect yourself in two easy steps, see my Tech Watch article How to thwart the new DLL hijacks.

  • DLL hijacking

    Posted on August 25th, 2010 at 16:02 woody 7 comments

    If you’re wondering what all the fuss is about, check out my Infoworld Tech Watch article.

    The sky isn’t falling, but the bad guys just got a potent new weapon.

  • Who’s stealing your personal information?

    Posted on August 19th, 2010 at 07:04 woody 6 comments

    Combined report from the Verizon RISK team and US Secret Service holds many surprises – and useful protection tips.

    Check out my Windows Secrets Lead Story.

  • Blocking Flash cookies in a corporate environment

    Posted on August 19th, 2010 at 07:03 woody 2 comments

    It ain’t easy – there are no tools!

    See my InfoWorld Tech Watch blog.

    And all Adobe does is wag its finger….

  • The anticipated massive mess of patches

    Posted on August 11th, 2010 at 07:42 woody No comments

    Microsoft’s mess of patches is out. For now, I don’t see any reason to pull a Chicken Little and install any of ‘em. There’s yet another huge Internet Explorer update, plus (you’ll be happy to hear) yet another .NET patch.

    Details on the SANS Internet Storm Center.

    We’re still at MS-DEFCON 2. Let the pioneers get the arrows in their backs. None of the major holes are being exploited right now. Keep your cool.

  • MS-DEFCON 2: Lock ‘em down

    Posted on August 10th, 2010 at 11:07 woody 4 comments

    With fourteen Security Bulletins around the corner, now’s a VERY good time to check and make sure you have automatic updates turned off. Follow the instructions in any of my books to turn it off, and wait for the all-clear.

    It’s going to be a bloody Tuesday.

    I’m moving to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  • New Windows 0day in CreateDIBPalette()

    Posted on August 7th, 2010 at 04:20 woody 1 comment

    I’ve seen several reports of a new 0day hole in Windows, which seems to affect all versions from XP SP3 to Win7.

    Original posting is by someone who calls him(her?)self Arkon.

    Best overview I’ve seen is on Secunia’s site.

    No CVE number as yet, and it hasn’t appeared on SANS ISC, but this sounds like the genuine article.

    Stay tuned….

  • Oy gevalt! 14 security bulletins coming

    Posted on August 6th, 2010 at 20:52 woody 11 comments

    It’s a record – and not a good one.

    MS advises that it has 14 security bulletins, patching 34 separately identified security holes, coming on August’s Black Tuesday.

    Get patched up now, OK? Heaven only knows when the coast will be clear again…