Windows DLL PreLoading ATTACKS … (Zero-Day Vulnerability)!
A Zero-Day Vulnerability discovered some time ago in the way Windows hands a “DLL” to an application has been disclosed publicly for a large number of applications (theoretically, any application running on Windows is affected). The way Windows PreLoads DLLs is extremely unsafe. Here is an example:
- A colleague sends you a PowerPoint presentation (\\FileServer\MyPresentation.ppt)
- You open the file from that network share
- Windows will load the required PowerPoint DLLs from that share first, if they exist
In this example the sender is your colleague, but an attacker would place a malicious DLL in the same location, with the exact name of a DLL required by PowerPoint, in order to execute unauthorized code remotely!
According to Microsoft, the vulnerability applies only to applications that do not load DLLs securely.
Scareware criminals are already taking advantage of the vulnerability to make a profit by installing unauthorized software on user machines (e.g. Fake Antivirus).
Here is what you can do to prevent damage:
- If you want to fix the issue temporarily, use this Fix It Tool from Microsoft
- Do not open files or emails from untrusted sources.
- If your computer is acting abnormally, get our tools (i.e. RescueCD, FakeAV Remover)
- Apply Microsoft’s Patch when it becomes available (Do not forget to disable the Fix)
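
A check an administrator can run over a share or download folder, as an added example that is not part of the original post: it flags folders where a DLL sits next to a document, which is the layout described in the PowerPoint scenario above. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: document types worth checking; the post itself only names .ppt.
DOC_EXTS = {".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx"}

def find_colocated_dlls(root, doc_exts=DOC_EXTS):
    """Return [(directory, [dlls], [documents])] for every directory under
    root that holds at least one DLL next to at least one document."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dlls, docs = [], []
        for name in filenames:
            # Windows file names are case-insensitive, so compare in lower case.
            ext = os.path.splitext(name)[1].lower()
            if ext == ".dll":
                dlls.append(name)
            elif ext in doc_exts:
                docs.append(name)
        if dlls and docs:
            findings.append((dirpath, sorted(dlls), sorted(docs)))
    return sorted(findings)

def build_sample_share(base):
    """Constructed sample tree standing in for a file share; names are made up."""
    layout = {
        "clean": ["MyPresentation.ppt", "notes.txt"],
        "suspicious": ["MyPresentation.ppt", "EXAMPLE.DLL"],
        "tools": ["helper.dll"],  # DLL without documents: not flagged
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in files:
            open(os.path.join(base, folder, name), "wb").close()
    return base

def demo():
    """Build the sample tree in a temp dir and return findings with relative paths."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_share(base)
        return [(os.path.relpath(d, base), dlls, docs)
                for d, dlls, docs in find_colocated_dlls(base)]

if __name__ == "__main__":
    for folder, dlls, docs in demo():
        print(f"{folder}: DLL(s) {dlls} next to document(s) {docs}")
```

A hit is a prompt to review the folder, not proof of compromise, since some legitimate packages ship DLLs alongside their data files.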