Thread: News - Microsoft acknowledges DLL vulnerability

  1. #1
    HEXUS.admin

    Many common programs aren't following security advisory and may be at risk

  2. #2
    TheAnimus

    Erm, Guys.

    Am I missing something here?

    Newsflash, non-cryptographically signed binaries can be replaced.

    Surely the only way to do this is to change either the path environment variable or file system access. From the MSDN:

    Code:
    1. The directory from which the application loaded.
    2. The system directory.
    3. The 16-bit system directory.
    4. The Windows directory.
    5. The current directory.
    6. The directories that are listed in the PATH environment variable.

    So the folder which contains the application, if an attacker has access to that, you're screwed.
    The system folder, generally considered a good idea to not have write perms there.
    16 bit system folder, same rule.
    windows directory, spotting a pattern?
    current directory YES VECTOR FOR ATTACK.
    PATH environment vector again. However.....

    Both those require code to be running as the local user, UAC and protected mode in IE will alleviate this a bit.

    My point is, if you're already able to run code as a local user that can frig environment variables and write to the current folder of another application, which requires those two methods for finding binaries, then you've already lost complete control of your system.

    Moreover there is no escalation exploit mentioned?

    Sorry to say, as much as I love to tell others to write their code better (whilst writing lazily myself) this is a non story.
    throw new ArgumentException (String, String, Exception)

  3. #3
    TheAnimus

    After a quick check with a mate who is more knowledgeable, it seems like this is very similar to the one a year ago which introduced: BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE which effectively stops the searching of the current directory.

    I think the idea was that a user could be tricked into saving something into C:\Documents\WilliamFitzgerald
    then when running an app which required environment variable PATH lookup (argh!!!!!) it would inject.

    But that is very unlikely surely?
    throw new ArgumentException (String, String, Exception)

  4. Received thanks from:

    g8ina (25-08-2010)
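
A model of the search order from post #2 and the safe search mode from post #3, added here as an example and not posted by anyone in the thread: it resolves a DLL name against the listed directories and reports when the current directory or PATH would satisfy the load. The directory layout and DLL names are constructed; with safe DLL search mode off, the current directory is probed second rather than fifth.

```python
import os
import tempfile

TRUSTED = {"application", "system", "system16", "windows"}

def search_order(app_dir, sys_dirs, cwd, path_dirs, safe_mode=True):
    """[(label, dir)] in probe order for an unqualified DLL name; sys_dirs is
    (system, 16-bit system, Windows). safe_mode=False moves CWD to second."""
    system = list(zip(("system", "system16", "windows"), sys_dirs))
    current = [("current", cwd)]
    middle = system + current if safe_mode else current + system
    return [("application", app_dir)] + middle + [("path", d) for d in path_dirs]

def resolve(dll, order):
    """First (label, directory) holding dll, matched case-insensitively."""
    for label, directory in order:
        try:
            names = {n.lower() for n in os.listdir(directory)}
        except OSError:  # missing or unreadable directory: move to the next one
            continue
        if dll.lower() in names:
            return label, directory
    return None

def audit(dlls, order):
    """'ok' if a trusted directory satisfies the load, else where it lands."""
    report = {}
    for dll in dlls:
        hit = resolve(dll, order)
        label = hit[0] if hit else "missing"
        report[dll] = "ok" if label in TRUSTED else label
    return report

def demo():
    """Constructed layout: a document folder as CWD holding two stray DLLs."""
    root = tempfile.mkdtemp()
    d = {n: os.path.join(root, n)
         for n in ("app", "system32", "system", "windows", "docs", "tools")}
    for path in d.values():
        os.makedirs(path)
    for folder, name in (("system32", "version.dll"), ("docs", "version.dll"),
                         ("docs", "helper.dll")):
        open(os.path.join(d[folder], name), "w").close()
    args = (d["app"], (d["system32"], d["system"], d["windows"]), d["docs"], [d["tools"]])
    return {safe: audit(["version.dll", "helper.dll"], search_order(*args, safe_mode=safe))
            for safe in (True, False)}

if __name__ == "__main__":
    print(demo())
```

In the constructed layout, safe mode protects `version.dll` because a system copy is found first, but `helper.dll`, which exists in no trusted directory, resolves from the current directory in both modes.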

  5. #4
    g8ina

    Crikey, he's good isn't he

    (not sarcasm, I am genuinely impressed!)
    Cheers, David



  6. #5
    TheAnimus

    Yup, but the proud boy won't come work for me, even when I offer a big ass pay rise! He just likes the security research too much.

    But this is a very different beast to the iTunes issue, that was just sheer retardedness, it would look for a helper binary on a foreign location, load it as a current user in security unrestricted, and execute it.

    This is more a throwback to 1992, rather than something anyone should be really using. 1-4 should be enough, and if you're using 5, you should be damn well aware of it warts and all. If 6, well I hope you have a damn good reason.
    throw new ArgumentException (String, String, Exception)

  7. #6
    Flash477

    I find it ironic that most of the applications mentioned are Microsoft ones

  8. #7
    watercooled

    0100001101110101011100100110100101101111011101010111001101101001011101000111100100100000011010110110 1001011011000110110001100101011001000010000001110100011010000110010100100000011000110110000101110100 001000000011101000101001
    You spelt curiosity wrong. And yes, I was bored.

    I thought Windows would have something in place to deny access to SMB shares not on the LAN by default? I don't know like it just seems like the common sense thing to do.
    Last edited by watercooled; 26-08-2010 at 04:51 PM.

  9. #8
    Flash477

    Quote: Originally Posted by watercooled
        You spelt curiosity wrong. And yes, I was bored.

    Yeah, I know - just too lazy to change it
