In association with heise online

01 September 2010, 14:24

Microsoft continues to work around DLL vulnerability


Users wishing to use Microsoft's tool (released last week) to block the DLL vulnerability present in a wide range of programs may find that they have a problem. If the setting for the manually created CWDIllegalInDllSearch registry entry in the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager' path is too strict, programs including Google's Chrome web browser may become unusable. Microsoft has now released a 'fix-it' solution which automatically generates the key and sets it to the less severe value of '2' – this protects users from direct DLL hijacking from network shares. The fix-it requires the original tool to have been previously installed. Microsoft is currently considering distributing it via Windows Update.

Users who want even more security, including protection from DLL hijacking from local media such as USB flash drives, should set the registry key value to 'ffffffff'. This excludes the working directory from the DLL search path in all cases. Problem cases such as Chrome, which is stopped from working by the modified search sequence, can be dealt with by defining exceptions using another registry key. For Chrome, for example, the key takes the form: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe". A DWORD CWDIllegalInDllSearch value should be created with the value 0.
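To check how a machine is actually configured, the following read-only PowerShell audit lists the global CWDIllegalInDllSearch value and every per-program override under Image File Execution Options. It is an added example, not code from the article or from Microsoft; the function names are hypothetical, and the meanings it prints are limited to the values described above (2, ffffffff, and 0 as a per-program exception).

```powershell
# Added example: read-only audit of CWDIllegalInDllSearch.
# Registry paths and value name are taken from the article; function names are hypothetical.
$Name   = 'CWDIllegalInDllSearch'
$Global = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$Ifeo   = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdValue {
    param([string]$Path)
    # Return the DWORD as 8 hex digits, or $null when the value is absent.
    # Hex formatting avoids PowerShell displaying 0xFFFFFFFF as -1.
    $prop = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return ('{0:x8}' -f $prop.$Name)
}

function Get-CwdMeaning {
    param([string]$Hex, [bool]$PerProgram)
    if (-not $Hex)           { return 'not set' }
    if ($Hex -eq 'ffffffff') { return 'working directory excluded from DLL search in all cases' }
    if ($Hex -eq '00000002') { return 'DLL loading from network shares blocked (fix-it value)' }
    if ($Hex -eq '00000000' -and $PerProgram) { return 'exception: restriction lifted for this program' }
    return 'value not covered by the article'
}

# Global setting under Session Manager.
$globalHex = Get-CwdValue -Path $Global
[pscustomobject]@{
    Scope   = '(global)'
    Value   = $(if ($globalHex) { "0x$globalHex" } else { '-' })
    Meaning = Get-CwdMeaning $globalHex $false
}

# Per-program overrides: each subkey is named after an executable, e.g. chrome.exe.
Get-ChildItem -LiteralPath $Ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $hex = Get-CwdValue -Path $_.PSPath
    if ($hex) {
        [pscustomobject]@{
            Scope   = $_.PSChildName
            Value   = "0x$hex"
            Meaning = Get-CwdMeaning $hex $true
        }
    }
}
```

Every program listed with the value 0 is exempt from the global restriction, so those entries are the ones to review when the global value is set to ffffffff.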

