A threat to common “.dll” files hits many apps

Susan bradley By Susan Bradley

Microsoft’s latest Security advisory on .dll-file vulnerabilities reveals a whole new chapter of Internet security troubles — and raises many more questions than it gives answers.

Many popular applications may be targets of this new threat, and there’s no single patch that will fix it.

The public disclosure of this new threat from DLL (dynamic link library) files started with a recent Apple iTunes patch. A security firm discovered that iTunes could load DLLs from locations its developers never intended. (DLL files are used extensively by Windows and Windows apps. For more details on what these files do, see the MS Support article, “What is a DLL?”). Tunes inadvertently loaded a DLL from a shared drive on a network — not from the app folder it was supposed to use. This little flaw prompted Apple security update HT4105.

Researchers soon discovered that dozens of other Windows applications, such as Adobe Photoshop CS2 and MS Word 2007, had the same vulnerability. On August 23, Microsoft released Security Advisory 2269637, which gave details about the flaw. When you read the description, you’re left with the impression that it all comes down to sloppy programming.

How to measure your level of exposure

The wide-ranging nature of this threat makes evaluating your level of exposure difficult. There is a test you can run on your systems, but it’s not for the faint of heart. Here’s what to do:

  • Go to Microsoft’s Process Explorer page and download the app. Extract it in a new folder on your computer.

  • On Metasploit’s DLLHijackAuditKit page, download this tool to the same folder on your PC.

    This article is part of our premium content. Join Now.

    Already a paid subscriber? Click here to login.

= Paid content

All Windows Secrets articles posted on 2010-09-09:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.