Earlier workaround believed to be too complex for most users.
A week after
Microsoft
released a fix for a DLL vulnerability that affected a large number of programs running on its operating systems, it has released a second fix for the same problem.
DLLs (Dynamic Link Libraries), which contain commonly used functions, are essential to most programs running on
Windows
operating systems. When a program needs a certain library but doesn’t specify its location,
Windows
looks for libraries in certain places, including the user directory.
By changing this user directory to something it controls and by storing a malicious version of the library there, a piece of malware can make otherwise harmless programs use part of these malicious libraries. Programs that are vulnerable to this kind of attack include
Microsoft Office Powerpoint 2007
,
Skype
and
Opera
.
While software developers are working hard to fix their programs,
Microsoft
released a workaround last week which prevented insecure DLLs from loading from remote and local file sharing locations. However, the fix meant the user had to make some manual changes to the registry, which can cause harm if not done correctly. Home users in particular were put off by this. The new fix does not have this problem.
More can be found at the blog of security journalist Brian Krebs
here
, where there is also an explanation of how to apply the fix.
Posted on 01 September 2010 by
Virus Bulletin
Leave a Reply