Microsoft have issued a warning about a type of attack mechanism known as DLL preloading (also known as binary planting). The attack mechanism is not new or entirely unique to Windows; however, Microsoft are concerned about what appears to be a new remote-attack vector that could allow more systems to be attacked quickly.
Researchers at the University of California published a paper earlier this year on how vulnerable programs could be detected automatically, and in recent days security expert HD Moore published more information about the issue and even added the vulnerability to his Metasploit program.
Acros Security have warned that iTunes is also vulnerable to such an attack (which has become more common as Windows and other operating systems have become more hardened against attacks that exploit memory corruption flaws).
It is believed likely that an attack could appear in the wild soon.
Microsoft have said, “We are currently conducting a thorough investigation into how this new vector may affect Microsoft products” and have also released a software tool that “allows system administrators to mitigate the risk of the vulnerability in question by altering the library-loading behavior for the operating system or for specific applications.”
Security experts suggest the following to protect your system from an attack:
- Take advice issued by Microsoft
  - Including changing a registry key setting so that libraries cannot be loaded over a network
- Be cautious when clicking links or visiting unknown sites
- Make sure anti-virus is up to date
(Current antivirus software won’t necessarily stop a vulnerability from being exploited but the software can sometimes detect the payloads that an attacker might try to install on a vulnerable system.)
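
As an added illustration (not from the original article or from Microsoft), the following simplified Python model shows how the registry setting mentioned above changes which directories are searched for a library. It assumes the setting is the `CWDIllegalInDllSearch` value described in Microsoft KB2264107 and the default search order with SafeDllSearchMode enabled; the paths, the share name and `plugin.dll` are constructed.

```python
# Simplified model (added example) of Windows DLL name resolution and of how the
# CWDIllegalInDllSearch registry value (Microsoft KB2264107) changes it.
from enum import Enum

class Cwd(Enum):
    LOCAL = "local"
    UNC = "unc"        # \\server\share
    WEBDAV = "webdav"

REMOVE_CWD = 0xFFFFFFFF  # removes the current directory from the search order

def cwd_allowed(setting, cwd_kind):
    """True if the current working directory (CWD) stays in the search order."""
    if setting == REMOVE_CWD:
        return False
    if setting == 2:                      # blocks remote CWDs: WebDAV and UNC
        return cwd_kind is Cwd.LOCAL
    if setting == 1:                      # blocks WebDAV CWDs only
        return cwd_kind is not Cwd.WEBDAV
    return True                           # 0 or value absent: default behaviour

def search_order(app_dir, cwd, cwd_kind, path_dirs, setting=0):
    """Directories tried in order; system paths are typical defaults (assumed)."""
    order = [app_dir, r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
    if cwd_allowed(setting, cwd_kind):
        order.append(cwd)
    return order + list(path_dirs)

def resolve(dll, files, **kw):
    """files: set of (directory, name) pairs that exist, lower-cased.
    Returns the first directory in the search order holding dll, else None."""
    for d in search_order(**kw):
        if (d.lower(), dll.lower()) in files:
            return d
    return None

def demo(extra_files=()):
    # Constructed scenario: a document opened from a share makes the share the
    # CWD, and the share holds a DLL the application requests by bare name.
    share = r"\\fileserver\docs"
    files = {(share.lower(), "plugin.dll"), *extra_files}
    ctx = dict(app_dir=r"C:\Program Files\Player", cwd=share,
               cwd_kind=Cwd.UNC, path_dirs=[r"C:\Tools"])
    return {s: resolve("plugin.dll", files, setting=s, **ctx)
            for s in (0, 1, 2, REMOVE_CWD)}

if __name__ == "__main__":
    for setting, hit in demo().items():
        print(f"setting={setting:#x}: loaded from {hit}")
```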