gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76665 Posts in 13459 Topics by 2084 Members - Latest Member: illusions December 02, 2021, 12:32:47 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Windows DLL-loading security flaw puts Microsoft in a bind
gfx
gfxgfx
 

Author Topic: Windows DLL-loading security flaw puts Microsoft in a bind  (Read 1446 times)

0 Members and 1 Guest are viewing this topic.

Offline p2p rules

  • Forum Member
Windows DLL-loading security flaw puts Microsoft in a bind
« on: August 25, 2010, 04:20:15 am »
Quote
The rediscovery of an old attack method based on the way that Windows loads DLLs places Microsoft in a tricky position: a change to Windows will fix the problem once and for all, but could break third-party software that relies on the operating system working the way it has worked for 20 years. Ars explains the situation.
arstechnica.com
More information about the DLL Preloading remote attack vector
 :o

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #1 on: August 25, 2010, 10:50:21 am »
uh... its 'dll hell' over a networked drive.... dont think this one is too much of a biggie....

Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #2 on: August 25, 2010, 03:05:40 pm »
so if microsoft were to 'correct' this issue, issue an 'opt out' type of hotfix and programs no longer loaded .dll files from the current directory, would that mean the community patch oledlg.dll or the winmxgroup ws32 patch would no longer work on windows OS's?

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #3 on: August 26, 2010, 12:09:40 am »
yep...

--edit--

would be better if MS 'fixed' it just for network drives not local...

--edit--

apps can specify that they want to load a dll from their own directory or be coded to avoid such... so this would only affect those that arent 'properly' coded...

Offline Lagerlout666

  • Forum Member
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #4 on: August 26, 2010, 06:37:08 am »
Easily patch a patch lol
The Solution to 99% of winmx problems

nap.winmxgroup.net        -ONLINE again YAY!!!!!! :D

Praise's daily at the church of "Kopimi"

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #5 on: August 26, 2010, 10:07:21 am »
a proxy based patch as apposed to dll injection could work just as well... ...in theory...

patch a MS security patch? would honestly be better to avoid installing it...

Offline Lagerlout666

  • Forum Member
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #6 on: August 26, 2010, 12:29:05 pm »
I was joking, i was expecting someone to say i sound like microsoft lol.
The Solution to 99% of winmx problems

nap.winmxgroup.net        -ONLINE again YAY!!!!!! :D

Praise's daily at the church of "Kopimi"

Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #7 on: August 26, 2010, 03:04:34 pm »
What you said was concise and to the point tiny, nothing like microsoft.

reminds me of a joke, helicopter pilot taking a few passengers for a fly around the buildings in a big city, he gets himself a bit lost looking for a particular building, hovers next to a highrise and holds up a sign "where am I?"
The people in the building hold up a sign "in a helicopter"
He flies off and finds the building he was looking for.
The passengers ask him how he found it as the people in the highrise we no help at all.
He says "ahhh, that was the microsoft building, while the information they gave me was technically correct, it was completely useless".

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #8 on: August 26, 2010, 03:22:41 pm »
lol  i lake that, typical of microsoft, to the point and useless at the same time



Try Connecting, the attacks may let you http://patch.winmxconex.com/


Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Windows DLL-loading security flaw puts Microsoft in a bind
« Reply #10 on: August 27, 2010, 06:50:51 am »
http://support.microsoft.com/kb/2264107

install and block webDAV ... if you dont run any apps over shares set to block UNC too...


...closest thing to a 'fix' for remote attacks that wont break quite a few local apps that i can find...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Windows DLL-loading security flaw puts Microsoft in a bind
 

gfxgfx
gfx
©2005-2021 WinMXWorld.com. All Rights Reserved.
SMF 2.0.18 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.038 seconds with 25 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!