Microsoft has released a tool designed to close a security hole in Windows applications that could allow for unauthorized access to PCs. The security flaw is created not by a vulnerability in Microsoft code, but in the way some Windows programs are developed, says the company. And while Microsoft is not taking responsibility for the problem, it nonetheless has rolled out the tool and a set of development best practices.
According to a Microsoft Security Advisory, research has been published that details "a remote attack vector for a class of vulnerabilities that affects how applications load external libraries." The attack, called binary planting or DLL preloading, is caused by the way Windows programs are written, allowing hackers to remotely execute code when a user opens a file from a location that isn't trusted, says the advisory.
Microsoft has issued guidance on how to correct the programming problem by using available APIs, and says it is notifying third-party application developers of ways to mitigate the issue. The company won't say whether its own Windows applications are affected by the vulnerability, stating only that it is "actively investigating" the situation and "and will take appropriate action to protect its customers."
The new tool allows system administrators to thwart attacks by altering the library loading behavior, either system-wide or for specific applications. The attack is only possible with applications that do not load external libraries securely. Users must visit an untrusted remote file system location or WebDAV share to open a document, which then gets loaded by a vulnerable application, says the company.