Microsoft releases new tool to defend against DLL attack

Microsoft has released a "Fix It" tool that can be used to further protect users against a new attack vector for infecting PCs when an application is tricked into loading a malicious library.

Last week, the software giant issued an advisory after recent research revealed that a class of vulnerabilities known as "DLL (dynamic-link Library) preloading" can be exploited remotely by an attacker who places a malicious library on a network share. In the past, the attacker needed access to the local client system to perpetrate the exploit.

The Fix It, announced in a blog post on Tuesday, complements a workaround tool released last week that prevents the loading of libraries from network shares.

"When installed, this tool still needs to be configured in order to block malicious behavior, and customers have asked us for our recommended setting," wrote Jerry Bryant, group manager of response communications, in the post. "As a result, our Security Research & Defense team...has worked with our Microsoft Fix It team to develop a Fix It to enable our recommended setting which blocks most network-based attack vectors."

Aside from the Fix It, Microsoft continues to investigate which of its products are vulnerable to the issue, as well as how customers can best protect themselves when using flawed third-party applications, Bryant said.

"First, I want to be clear that Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers," he wrote. "This will primarily be in the form of security updates or defense-in-depth updates. Also, due to the fact that customers need to click through a series of warnings and dialogs to open a malicious file, we rate most of these vulnerabilities as 'important.'"

.