Microsoft Releases Security Advisory WebDAV & WebClient not fix in last update

Back to Giveaway of the Day

Giveaway of the Day Forums » Talks

Microsoft Releases Security Advisory WebDAV & WebClient not fix in last update

(5 posts) (2 voices)

Started 14 years ago by Anonymous
Latest reply from Anonymous

Anonymous
Unregistered

http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory5

Microsoft Releases Security Advisory
added August 24, 2010 at 11:42 am

Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries (DLLs). If an application does not securely load DLL files, an attacker may be able to cause the application to load an arbitrary library

US-CERT encourages users and administrators to review Microsoft security advisory 2269637 and consider implementing the workarounds listed in the document. Please note that these workarounds may reduce the functionality of the affected systems. Workarounds include
* not fix in the last update !!
* disabling the loading of libraries from WebDAV and remote network shares
* disabling the WebClient service
* blocking TCP ports 139 and 445 at the firewall

Posted 14 years ago #
Anonymous
Unregistered

http://www.windowsitpro.com/article/paul-thurrotts-wininfo/Microsoft-Issues-DLL-Hijack-Blocker-Tool.aspx

Microsoft Issues DLL Hijack Blocker Tool

Microsoft's initial response includes a tool that mitigates the risk of attack by preventing applications from insecurely loading code from Windows library files, called DLLs (Dynamic Link Libraries).

Posted 14 years ago #
Anonymous
Unregistered

http://www.microsoft.com/technet/security/advisory/2269637.mspx

http://www.h-online.com/security/news/item/Scope-of-DLL-security-problem-widens-Update-1066444.html

The exploit DLLs are simple affairs which often only contain the payload and various empty functions. Searching the exploit database for the term DLL hijacking continually produces further new exploits which specifically target popular user software. Metasploit developer HD Moore released the DLLHijackAuditKit, a tool that allows users to search for vulnerable applications themselves.

http://www.theregister.co.uk/2010/08/24/windows_dll_casualties/

As many as 200 applications may be vulnerable to the so-called binary planting or DLL preloading attacks,

http://www.computerworld.com/s/article/9181518/Microsoft_releases_tool_to_block_DLL_load_hijacking_attacks?taxonomyId=89

Microsoft went to lengths today to tell users that the flaw isn't in Windows.

"dynamic-link library," or "DLL" -- using the full pathname, but instead use only the filename, giving hackers wiggle room. Criminals can exploit that by tricking the application into loading a malicious file with the same name as the required DLL. The result: Hackers can hijack the PC and plant malware on the machine.

Posted 14 years ago #
mslearner
Member

Hi,
i am a microsoft developer(fresher). could anyone explain diffrence between loadin dll from WebDAV and loadin DLL from GAC? thank you

Posted 14 years ago #
Anonymous
Unregistered

http://www.exploit-db.com/

http://www.exploit-db.com/dll-hijacking-vulnerable-applications/

WebDAV only need on a network, some one may know if stop & Disabled WebCliend helps

Posted 14 years ago #

RSS feed for this topic

Reply

You must log in to post.