Threat Level: green Handler on Duty: Richard Porter

SANS ISC: InfoSec Handlers Diary Blog - DLL hijacking - what are you doing ? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

DLL hijacking - what are you doing ?

Published: 2010-08-29
Last Updated: 2010-08-29 22:38:28 UTC
by Swa Frantzen (Version: 1)
10 comment(s)

In response to the heavy publication in the press about the DLL hijacking vulnerabilities, Microsoft released a number of publications and even a tool of their own.

Judging from the comments on the article by Bojan and the difficulty in reading the instructions and the lack of a clear recommended value that stops the current ongoing attacks without breaking commonly used software packages, it's clear there is still some work ahead of us.

Not only do we need to understand it in detail and understand what we can block, but we need to test it all as well.

So, in a spirit of sharing how to make it work:

  • What are you using as mitigation against the DLL hijacking vulnerabilities ?
  • What did your tests with the different values and commonly used software packages (such as Microsoft Office) yield with the different values the tool supports ?

--
Swa Frantzen -- Section 66

Keywords: msft patches
10 comment(s)
Diary Archives