Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher

Gregg Keizer, Computerworld | May 6, 2011
Although Microsoft has patched multiple DLL load hijacking vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9) can still be exploited, a security company warned today.

Moore said that the attacks Acros described are feasible.

"[Attackers could use] embedded COM controls within Office documents to load additional DLLs," Moore said in an email reply to questions. "That should be doable through both IE and standalone documents."

Yet hackers apparently haven't jumped on DLL load hijacking vulnerabilities, something other security researchers have noted before.

"These are very difficult to exploit," said Andrew Storms, director of security operations at nCircle Security, in a March interview. "Last year, it was 'Oh my gosh,' but it turned out to be not so easy to exploit these because it required users to browse to the malicious location and open the file, and the attacker to plant a [malicious] DLL and a bad file. That's quite a few steps."

Microsoft said it's looking into the vulnerabilities Acros claimed reside in Windows and IE9.

"Microsoft's research into DLL-preloading issues continues," said Pete Voss, a spokesman for the Microsoft security team, in an emailed statement. "As such, the company is currently investigating public claims of a possible DLL-related vulnerability and once we're done investigating, we will take appropriate action to help protect customers."

At one point last year, Microsoft said it patched all the DLL load hijacking bugs it knew about. "This fixes all of the [Windows] components that we're aware of," said Jerry Bryant, a group manager with the Microsoft Security Response Center (MSRC), in a December 2010 interview.

At the time, however, Bryant left the door open to more. "We're not closing that [DLL load hijacking] advisory just yet, and will continue to investigate."

That advisory, first released in late August 2010, remains active and open.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.