{"id":72789,"date":"2010-08-24T06:49:33","date_gmt":"2010-08-24T06:49:33","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72789"},"modified":"2010-08-24T06:49:33","modified_gmt":"2010-08-24T06:49:33","slug":"microsoft-confirms-remote-code-execution-bug","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/microsoft-confirms-remote-code-execution-bug\/","title":{"rendered":"Microsoft confirms remote code-execution bug"},"content":{"rendered":"<p>This is a continuation of my <a title=\"https:\/\/blogarchive.quickheal.com\/index.php?\/archives\/183-Windows-applications-affected-by-remote-code-execution-bug.html\" href=\"https:\/\/blogarchive.quickheal.com\/index.php?\/archives\/183-Windows-applications-affected-by-remote-code-execution-bug.html\">blog<\/a> from yesterday.<\/p>\n<p>Microsoft\u2019s <a title=\"https:\/\/www.microsoft.com\/technet\/security\/advisory\/2269637.mspx\" href=\"https:\/\/www.microsoft.com\/technet\/security\/advisory\/2269637.mspx\">advisory<\/a> has confirmed that the attacks exploit a weakness in the way programs load associated libraries. The binary files can be located in a variety of directories, including those on networks controlled by a malicious hacker.<\/p>\n<p>According to Microsoft, the vulnerability exists in Windows applications made by third-party developers; however, it is still investigating whether any Microsoft programs are susceptible to the \u201cbinary planting\u201d or \u201cDLL preloading\u201d attacks.<\/p>\n<p>According to the Microsoft Security Response Center <a title=\"https:\/\/blogs.technet.com\/b\/srd\/archive\/2010\/08\/23\/more-information-about-dll-preloading-remote-attack-vector.aspx\" href=\"https:\/\/blogs.technet.com\/b\/srd\/archive\/2010\/08\/23\/more-information-about-dll-preloading-remote-attack-vector.aspx\">blog<\/a>, this issue cannot be directly addressed in Windows without breaking expected functionality. 
Instead, it requires developers to ensure that their code loads libraries securely. The attack works because many applications ignore best security practices and search for the library based only on the file name, rather than the full directory path. When the current working directory is set to one controlled by the attacker, it&#8217;s possible to load a malicious file.<\/p>\n<p>Microsoft suggests that admins disable WebDAV and block outgoing SMB connections on ports 445 and 139. It has also released a software tool that changes the way Windows searches for DLL files. There are different versions of the tool depending on the Windows version you use. You can download the tool from <a title=\"https:\/\/support.microsoft.com\/kb\/2264107\" href=\"https:\/\/support.microsoft.com\/kb\/2264107\">here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a continuation of my blog from yesterday. Microsoft\u2019s advisory has confirmed that the attacks exploit a weakness in the way programs load associated libraries. The binary files can be located in a variety of directories, including those on networks controlled by a malicious hacker. 
According to Microsoft the vulnerability exists in Windows applications made [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72789","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72789"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72789"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72789\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}