By Susan Bradley
Microsoft’s latest Security advisory on .dll-file vulnerabilities reveals a whole new chapter of Internet security troubles — and raises many more questions than it gives answers.
Many popular applications may be targets of this new threat, and there’s no single patch that will fix it.
The public disclosure of this new threat from DLL (dynamic link library) files started with a recent Apple iTunes patch. A security firm discovered that iTunes could load DLLs from locations its developers never intended. (DLL files are used extensively by Windows and Windows apps. For more details on what these files do, see the MS Support article, “What is a DLL?”). Tunes inadvertently loaded a DLL from a shared drive on a network — not from the app folder it was supposed to use. This little flaw prompted Apple security update HT4105.
Researchers soon discovered that dozens of other Windows applications, such as Adobe Photoshop CS2 and MS Word 2007, had the same vulnerability. On August 23, Microsoft released Security Advisory 2269637, which gave details about the flaw. When you read the description, you’re left with the impression that it all comes down to sloppy programming.
How to measure your level of exposure
The wide-ranging nature of this threat makes evaluating your level of exposure difficult. There is a test you can run on your systems, but it’s not for the faint of heart. Here’s what to do: