Microsoft has posted an advisory that explains the “DLL preloading attacks” and offers a work-around tool that “allows customers to disable the loading of libraries from remote network or WebDAV shares. This tool can be configured to disallow insecure loading on a per-application or a global system basis.”

When an application loads a .dll file, but doesn’t name a full path name,Windows searches a pre-defined set of directories for it. Exploiting this, an intruder could social engineer a victim into loading a malicious .dll from a USB drive or from a network and execute arbitrary code.

Advisory here: Insecure Library Loading Could Allow Remote Code Execution

Tom Kelchner

View full post on Sunbelt Blog

• Microsoft Confirms DLL Issue, Releases Workaround
  In response to new developments in the old vulnerability of insecure DLL loading Microsoft has released an advisory describing the problem, actions that may be taken by users, administrators and devel...
• Microsoft Issues Advisory and Tool To Address DLL Loading Issue
  In response to new developments in the old vulnerability of insecure DLL loading Microsoft has released an advisory describing the problem, actions that may be taken by users, administrators ...
• Microsoft releases tool to block DLL load hijacking attacks
  Microsoft responded to reports of potential zero-day attacks against a large number of Windows apps by publishing a tool to block known exploits. View full post on Computerworld Security News...
• Microsoft Releases Advisory On XP Help Vulnerability
  Microsoft has released a formal security advisory for the vulnerability disclosed today in the Windows XP and Windows Server 2003 help systems. There's nothing in the advisory to expand on t...
• Patchday: Fresh releases from Microsoft and Google
  As announced last Friday, Microsoft released 3 Security Bulletins which deal with patches for 4 security vulnerabilities. One of them is rated critical and resides within the DirectShow framework for ...
• Microsoft Windows SMB “mrxsmb.sys” Remote Heap Overflow Vulnerability
  Technical Description A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers or malicious users to cause a denial of service or take complete control o...
• Internet Explorer Vulnerability with workaround
  In all currently supported Windows operating systems a security vulnerability in the so-called MHTML handler can lead to information disclosure; speculations in the media indicate possibly even worse ...
• Microsoft Warns of Windows Script Injection Vulnerability
  Microsoft tonight released a security advisory for a publicly-disclosed vulnerability in all versions of Windows. Security Advisory 2501696 describes a bug in the MHTML handler in Windows wh...
• Targeted attacks against recently addressed Microsoft Office vulnerability (CVE-2010-3333/MS10-087)
  Last November, Microsoft released security bulletin MS10-087, which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-...
• Malicious .RTF Files Exploit Microsoft Office Vulnerability
  A stack-based buffer overflow vulnerability in Microsoft Office was recently discovered to have been actively exploited in the wild. Trend Micro now detects the exploit .RTF files as TROJ_ARTIEF.SM. ...