Microsoft admits new attack route for massive DLL flaw

[Simon]

Microsoft has confirmed a new way of using an old DLL flaw could leave third-party applications - as well as its own - open to attack.

When applications load dynamic link libraries where the programmer has been sloppy and not used the full path name, an attacker can hijack the process to load his own code.

Such DLL uploading techniques are well-known to Microsoft, but the new method adds the ability to attack via a shared network drive, meaning the hack could be undertaken remotely.

Read more: http://www.pcpro.co.uk/news/security/360547/microsoft-admits-new-attack-route-for-massive-dll-flaw

[Rik]

Do they never fix things properly.

[Glenn]

And put themselves out of a job 

[Rik]

Good point.

[esh]

Hard to say if it's MS or the programmers at fault here. I guess it's easy to overlook from the programmer's point of view. You can imagine just coding it like that while testing/building and then never neatening it up because it worked.

I always found it interesting how on Unix systems to run a program in your current directory like 'myapp' you could not simply type 'myapp' and press enter to run it, just in case another program of the same name had been maliciously inserted there when you expected something else to run. You have to explicitly do './myapp'. Annoyance or security?