PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Simon on August 24, 2010, 12:43

Title: Microsoft admits new attack route for massive DLL flaw
Post by: Simon on August 24, 2010, 12:43

Microsoft has confirmed a new way of using an old DLL flaw could leave third-party applications - as well as its own - open to attack.

When applications load dynamic link libraries where the programmer has been sloppy and not used the full path name, an attacker can hijack the process to load his own code.

Such DLL uploading techniques are well-known to Microsoft, but the new method adds the ability to attack via a shared network drive, meaning the hack could be undertaken remotely.

Read more: http://www.pcpro.co.uk/news/security/360547/microsoft-admits-new-attack-route-for-massive-dll-flaw

Title: Re: Microsoft admits new attack route for massive DLL flaw
Post by: Rik on August 24, 2010, 13:51

I'm going back to my BBC Micro. :)

Title: Re: Microsoft admits new attack route for massive DLL flaw
Post by: sam on August 24, 2010, 14:28

Quote from: Rik on August 24, 2010, 13:51

I'm going back to my BBC Micro. :)

bet you could get it working with a network.

There is another solution though: http://www.ubuntu.com/

Title: Re: Microsoft admits new attack route for massive DLL flaw
Post by: Simon on August 24, 2010, 14:31

I'd never have guessed you'd say that, Sam.   ;D

Title: Re: Microsoft admits new attack route for massive DLL flaw
Post by: Rik on August 24, 2010, 15:47

 :laugh: