Insecure Library Loading – Defective by Design

Binary Planting and DLL Hijacking are this week's catchphrases, and while Microsoft released a manual workaround to reduce the risk of this Windows design issue, they also state the following under “What Microsoft is doing” in the official TechNet article:

“Loading dynamic libraries is basic behavior for Windows and other operating systems, and the design of some applications require the ability to load libraries from the current working directory. Hence, this issue cannot directly be addressed in Windows without breaking expected functionality. Instead, it requires developers to ensure they code secure library loads. However, we’re looking into ways to make it easier for developers to not make this mistake in the future.”

That, together with the most recent discovery that many applications try loading DLL files for compatibility reasons (to support different Windows versions, for example), makes this whole thing a huge mess which won’t be solved quickly, particularly for applications with a dead upstream. Exploit-DB already has a growing list of applications vulnerable to this attack, and plenty of updates are expected shortly for various applications. To name a few prominent ones: Firefox, Thunderbird, VLC media player, Winamp, Skype, PuTTY, Microsoft Office, Adobe CSx, CorelDRAW, AutoCAD, the NVIDIA display driver, and so on.
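Why the compatibility probes matter can be seen in a small model of the search order. This is an added example, not code from Microsoft or from this post: the directory labels, file names and the `resolve`/`audit` helpers are constructed for illustration, and the orders follow the documented Windows behaviour for a DLL loaded by bare name.

```python
# Added example: a model of the documented Windows search order for a DLL
# loaded by bare name. Directory labels and file names are constructed samples;
# the PATH entries, searched last in every order, are left out.
APP, SYS, SYS16, WIN, CWD = "app_dir", "system32", "system", "windows", "cwd"

ORDERS = {
    # SafeDllSearchMode disabled: the current directory is searched second.
    "legacy": [APP, CWD, SYS, SYS16, WIN],
    # SafeDllSearchMode enabled (the default): current directory comes later.
    "safe_mode": [APP, SYS, SYS16, WIN, CWD],
    # Current directory removed, e.g. by calling SetDllDirectory("").
    "no_cwd": [APP, SYS, SYS16, WIN],
}

def resolve(dll, order, files):
    """Return the first directory in `order` holding `dll`, or None."""
    name = dll.lower()  # Windows file names are case-insensitive
    for directory in order:
        if name in files.get(directory, set()):
            return directory
    return None

def audit(requested, files):
    """For each policy, list the requested DLLs that resolve from the CWD."""
    return {
        policy: [d for d in requested if resolve(d, order, files) == CWD]
        for policy, order in ORDERS.items()
    }

# Constructed scenario: the working directory is an untrusted folder holding a
# document plus two DLLs. "syslib.dll" also exists in system32, while
# "optfeature.dll" is a compatibility probe absent from this Windows version.
FILES = {
    APP: {"app.exe", "plugin.dll"},
    SYS: {"syslib.dll"},
    CWD: {"report.doc", "syslib.dll", "optfeature.dll"},
}
REQUESTED = ["plugin.dll", "syslib.dll", "optfeature.dll"]

if __name__ == "__main__":
    for policy, hits in audit(REQUESTED, FILES).items():
        print(f"{policy:10} loads from CWD: {hits or 'nothing'}")
```

Even with the safe search mode, the probe for a DLL that does not exist on the system still falls through to the current directory; only removing that directory from the search, or loading by full path, closes the gap.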

So be sure to keep yourself and your applications up2date!

Update 27/08/2010: VLC media player 1.1.4 fixing the security issue has been released.