New DLL load attack affects many poorly coded applications

Microsoft releases tool to combat new code execution flaw

Microsoft has released an update package to address a security issue which affects a great many third-party applications.

The new security flaw has to do with the way that applications often dynamically load necessary libraries, or DLL files, at run time. Applications frequently rely on the DLL file being found somewhere on the system's path of searchable directories, but this leaves the door open to malicious exploits which set the current directory to a remote share.

The security vulnerability is not something Microsoft can easily address in an operating system update because a huge variety of software depends on the expected behavior of the way Windows searches for DLL files. While acknowledging the issue, Microsoft has taken pains to point out that only applications which violate so-called "best practices" are vulnerable.

"Loading dynamic libraries is basic behavior for Windows and other operating systems, and the design of some applications require the ability to load libraries from the current working directory. Hence, this issue cannot directly be addressed in Windows without breaking expected functionality," wrote members of Microsoft’s MSRC team on a TechNet blog.

"Instead, it requires developers to ensure they code secure library loads. However, we’re looking into ways to make it easier for developers to not make this mistake in the future."

The company has since produced a Windows update which introduces a new registry key allowing users greater control over the DLL search path. The update is not expected to be required for all general users, since potential attacks involve inserting a network share on the system. It has, however, highlighted the need for developers to pay greater attention to Microsoft development practices to avoid such vulnerabilities.
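
The search behaviour described above, and the effect of taking the current directory out of the search path, can be modelled in a few lines. This is an added example, not code from Microsoft or from this article: the search order is a simplified assumption, and the directory labels, file names and the `search_cwd` switch are constructed for the illustration.

```python
import os
import tempfile

# Simplified model (assumption) of how Windows resolves an unqualified DLL name:
# trusted locations first, then the process's current directory, then PATH.
SEARCH_ORDER = ("app_dir", "system_dir", "windows_dir", "current_dir", "path_dir")
TRUSTED = {"app_dir", "system_dir", "windows_dir"}


def resolve(dll_name, dirs, search_cwd=True):
    """Return (label, full_path) of the first directory that holds dll_name."""
    for label in SEARCH_ORDER:
        if label == "current_dir" and not search_cwd:
            continue  # models a search path with the current directory removed
        full = os.path.join(dirs[label], dll_name)
        if os.path.isfile(full):
            return label, full
    return None, None


def audit(dll_names, dirs):
    """Names whose load would be satisfied from outside the trusted locations."""
    findings = {}
    for name in dll_names:
        label, _ = resolve(name, dirs)
        if label is not None and label not in TRUSTED:
            findings[name] = label
    return findings


def build_demo_tree():
    """Constructed sample layout; current_dir stands in for a remote share."""
    root = tempfile.mkdtemp(prefix="dllsearch_")
    dirs = {label: os.path.join(root, label) for label in SEARCH_ORDER}
    for path in dirs.values():
        os.makedirs(path)
    # core.dll ships with the system; optional.dll is absent on this machine.
    for label, name in (("system_dir", "core.dll"),
                        ("current_dir", "core.dll"),
                        ("current_dir", "optional.dll")):
        with open(os.path.join(dirs[label], name), "wb") as fh:
            fh.write(b"constructed placeholder, not a real DLL")
    return dirs


if __name__ == "__main__":
    demo = build_demo_tree()
    for dll in ("core.dll", "optional.dll"):
        print(dll, "->", resolve(dll, demo)[0], "| cwd removed ->",
              resolve(dll, demo, search_cwd=False)[0])
    print("flagged:", audit(["core.dll", "optional.dll"], demo))
```

A library that exists in a trusted location is never taken from the current directory; the exposure is a load by bare name of a library that is missing from those locations, which with the current directory removed fails instead of resolving from the share.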
