Earlier this week I wrote in Tech Watch about a whole new class of Windows zero-day vulnerabilities, warning that a wave of attacks would arrive soon.
Like night after day, the exploits have appeared, as Gregg Keizer explains in his Computerworld article "Windows DLL exploits boom." Two separate websites -- the Exploit Database's DLL Hijacking Vulnerable Applications list and Peter Van Eeckhoutte's DLL Hijacking Unofficial list -- currently have details on more than 80 Windows applications that are susceptible to this kind of security breach.
With so many application heavyweights in the bad guys' crosshairs -- such programs as AutoCAD 2007, Illustrator CS 4, Dreamweaver CS 5, Google Earth and Chrome, uTorrent, PowerPoint 2007 and 2010, Word 2007, Groove 2007, Visio 2003 and 2010, Foxit Reader, Firefox, Thunderbird, and WinRAR appear on the vulnerable lists -- you can safely assume we've only seen a tiny slice of all the exploits due to plague us shortly.
The vulnerabilities won't go away for good until the software manufacturers (including, notably, Microsoft itself) patch their applications. In the interim, we're left with rock-and-a-hard-place choices.
Microsoft's Knowledge Base article 2264107 includes programs that enable a new Registry entry for Windows. Once you run the applicable program, you can set a Registry key called CWDIllegalInDllSearch to force Windows to ignore the Current Working Directory when searching for an inadequately specified DLL. (See my original article for details about why that's important.)
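To see how a given machine is currently configured, the following read-only PowerShell audit reports the system-wide CWDIllegalInDllSearch setting and any per-application overrides. It is an added example, not code from this article or from Microsoft. The registry paths and the meaning of each value are assumptions taken from KB 2264107 rather than from the text above, and `Get-CwdPolicyText` is a hypothetical helper name.

```powershell
# Added example: read-only audit of CWDIllegalInDllSearch (nothing is modified).
# Assumption: paths and value meanings follow Microsoft KB 2264107, not this article.
$ValueName  = 'CWDIllegalInDllSearch'
$GlobalPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Hypothetical helper: turn the raw DWORD into a readable policy description.
function Get-CwdPolicyText {
    param($Raw)
    if ($null -eq $Raw) { return 'not set (CWD is searched)' }
    # The registry provider may hand back 0xFFFFFFFF as -1; normalise to unsigned.
    $v = [int64]$Raw -band 4294967295
    switch ($v) {
        4294967295 { return 'CWD removed from the DLL search order' }
        2          { return 'CWD skipped when it is a remote folder (WebDAV or UNC)' }
        1          { return 'CWD skipped when it is a WebDAV folder' }
        0          { return 'default search order (CWD is searched)' }
        default    { return "unrecognised value $v" }
    }
}

# System-wide setting; a missing value yields $null.
$globalRaw = (Get-ItemProperty -Path $GlobalPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
$systemWide = [pscustomobject]@{
    Scope  = 'System-wide'
    Raw    = $globalRaw
    Policy = Get-CwdPolicyText $globalRaw
}

# Per-application overrides: one subkey per executable name.
$perApp = Get-ChildItem -Path $IfeoPath -ErrorAction SilentlyContinue | ForEach-Object {
    $raw = $_.GetValue($ValueName)
    if ($null -ne $raw) {
        [pscustomobject]@{
            Scope  = $_.PSChildName
            Raw    = $raw
            Policy = Get-CwdPolicyText $raw
        }
    }
}

@($systemWide) + @($perApp) | Format-Table -AutoSize
```

A "not set" or 0 result in the System-wide row means the machine still searches the Current Working Directory, so the exposure described above remains until applications are patched or the value is set.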