"this class of vulnerabilities could allow malicious code to run if an attacker can convince a victim to do the following:
- Browse to a malicious, untrusted WebDAV server in the Internet Zone; and
- Double-click a file that appears by its extension and icon to be safe"
Jerry Bryant explained at the MSRC Blog in Update on Security Advisory 2269673 that Microsoft plans to address the Microsoft products affected by this issue, primarily be in the form of security updates or defense-in-depth updates. It is important to keep in mind that while Microsoft continues investigations in Microsoft products that are impacted by the vulnerability, there are many third-party applications that are also impacted (see DLL Hijacking (KB 2269637) – the unofficial list by Peter Van Eeckhoutte). It is up to those vendors to provide patches for their affected software, which may take some time or, as Jerry Bryant indicated, may not be possible. As a result, the Microsoft Fix it Team has developed a Fix it solution to enable the Microsoft-recommended setting which blocks most network-based vectors.
Steps:
- Download and then install update 2264107, available from the bottom of the page at KB 2264107.
- From the same page, click the Fix it button or link under the Enable this fix it heading. Click Run in the File Download dialog box, and then follow the steps in the fix it wizard.
The Fix it solution will deploy the registry entry that is needed to block nonsecure DLL loads from WebDAV and SMB locations.
References:
- DLL Hijacking (KB 2269637) – the unofficial list (Peter Van Eeckhoutte)
- MSRC Blog: Update on Security Advisory 2269673
- SR&D Blog: An update on the DLL-preloading remote attack vector
- TechNet: Knowledge Base Article 2264107
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
0 comments:
Post a Comment