|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
Newsletter Archives
-
Born, BleepingComputer: Malwarebytes fixes AdwCleaner, removing a DLL hijacking vulnerability
Günter Born is at it again. This time he found a DLL hijacking vulnerability in Malwarebytes’ AdwCleaner 8.
If Windows shows unwanted programs or displaying unwanted ads after installing software possible adware has been involved. In order to clean the system of this unwanted programs, the tool Malwarebytes AdwCleaner may be used (its free for private use)…
When AdwCleaner runs with administrative permissions, the code from the loaded DLL files is also executed as a process with administrative permissions. Normally this works well, because Windows does not find the DLL files in the folder of the program and then searches in the Windows folders. But if a malware knows that a tool has a DLL hijacking vulnerability for certain DLLs, it only needs to store a file with the same name in the folder containing the application.
Born notified Malwarebytes on Dec. 10 and they sent him a beta copy of a new version. That version also had a major DLL hijacking problem. Ultimately, Malwarebytes released a smarter version 8.0.1 without the security hole on Wednesday.
There’s a detailed explanation of the vulnerability and its resolution in this Lawrence Abrams post on BleepingComputer.
-
Avoiding DLL Hijacks
I’ve come up with two common-sense ideas for avoiding DLL Hijack attacks.
Nothing high-tech or fancy. No Registry changes that may break other apps. Just two simple tricks that will break every DLL Hijack exploit that I’ve seen to date.
This is important because the number of reported DLL Hijack-able applications is hovering around 100, and it’ll go higher. If you run any of those apps – Word 2007 and PowerPoint 2007 and 2010 are among them – you’re susceptible to having your machine taken over by simply opening a file. Microsoft isn’t going to fix Windows to block the attacks – they can’t; the hole arises from a feature that’s part and parcel of the way Windows has worked from the beginning. The only way things will get better is when application manufacturers clean up their code. (And, yes, Microsoft is one of the companies with apps that exhibit exploitable behavior.)
If you didn’t catch my original explanation of the DLL Hijack technique, start with my Infoworld Tech Watch article on the basics. Then to see how to protect yourself in two easy steps, see my Tech Watch article How to thwart the new DLL hijacks.
-
DLL hijacking
If you’re wondering what all the fuss is about, check out my Infoworld Tech Watch article.
The sky isn’t falling, but the bad guys just got a potent new weapon.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
‘Minority Report’ coming to NYC
by 5 hours, 24 minutes ago
-
Apple notifies new victims of spyware attacks across the world
by 5 hours, 31 minutes ago
-
Tracking content block list GONE in Firefox 138
by 4 hours, 55 minutes ago
-
How do I migrate Password Managers
by 2 hours, 1 minute ago
-
Orb : how fast is my Internet connection
by 2 hours, 28 minutes ago
-
Solid color background slows Windows 7 login
by 17 hours, 11 minutes ago
-
Windows 11, version 24H2 might not download via Windows Server Updates Services
by 15 hours, 41 minutes ago
-
Security fixes for Firefox
by 1 hour, 56 minutes ago
-
Notice on termination of services of LG Mobile Phone Software Updates
by 1 day, 3 hours ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 1 day, 13 hours ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 1 day, 4 hours ago
-
Return of the brain dead FF sidebar
by 15 hours, 11 minutes ago
-
Windows Settings Managed by your Organization
by 1 hour, 21 minutes ago
-
Securing Laptop for Trustee Administrattor
by 4 minutes ago
-
The local account tax
by 16 hours, 31 minutes ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 2 days, 2 hours ago
-
Digital TV Antenna Recommendation
by 1 day, 18 hours ago
-
Server 2019 Domain Controllers broken by updates
by 2 days, 13 hours ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 2 days, 15 hours ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 2 days, 18 hours ago
-
Outlook (NEW) Getting really Pushy
by 1 day, 21 hours ago
-
Steps to take before updating to 24H2
by 5 hours, 37 minutes ago
-
Which Web browser is the most secure for 2025?
by 2 days, 1 hour ago
-
Replacing Skype
by 1 day, 14 hours ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 2 days, 12 hours ago
-
Excel Macro — ask for filename to be saved
by 1 day, 10 hours ago
-
Trying to backup Win 10 computer to iCloud
by 1 day, 13 hours ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 4 days, 18 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 4 days, 20 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 4 days, 20 hours ago
Remembering Woody
