Author Topic: Microsoft admits new attack route for massive DLL flaw (Read 1196 times)

Simon · « **on:** August 24, 2010, 12:43 »

Microsoft has confirmed a new way of using an old DLL flaw could leave third-party applications - as well as its own - open to attack.

When applications load dynamic link libraries where the programmer has been sloppy and not used the full path name, an attacker can hijack the process to load his own code.

Such DLL uploading techniques are well-known to Microsoft, but the new method adds the ability to attack via a shared network drive, meaning the hack could be undertaken remotely.

Read more: http://www.pcpro.co.uk/news/security/360547/microsoft-admits-new-attack-route-for-massive-dll-flaw

Rik · « **Reply #1 on:** August 24, 2010, 13:51 »

I'm going back to my BBC Micro.

sam · « **Reply #2 on:** August 24, 2010, 14:28 »

Quote from: Rik on August 24, 2010, 13:51

I'm going back to my BBC Micro.

bet you could get it working with a network.

There is another solution though: http://www.ubuntu.com/

Simon · « **Reply #3 on:** August 24, 2010, 14:31 »

I'd never have guessed you'd say that, Sam.

Rik · « **Reply #4 on:** August 24, 2010, 15:47 »

Author Topic: Microsoft admits new attack route for massive DLL flaw (Read 1196 times)

Simon

Microsoft admits new attack route for massive DLL flaw

Rik

Re: Microsoft admits new attack route for massive DLL flaw

sam

Re: Microsoft admits new attack route for massive DLL flaw

Simon

Re: Microsoft admits new attack route for massive DLL flaw

Rik

Re: Microsoft admits new attack route for massive DLL flaw