US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries (DLLs). When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. If an application does not securely load DLL files, an attacker may be able to cause the affected application to load an arbitrary library.
By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able to exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code.
Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note
VU#707943. US-CERT encourages users and administrators to review the vulnerability note and consider implementing the following workarounds until fixes are released by affected vendors
- disable loading libraries from WebDAV and remote network shares
- disable the WebClient service
- block outgoing SMB traffic
Update: Microsoft has released
Fix it tool 50522 to assist users in setting the registry key value
introduced with Microsoft support article
2264107 to help reduce the risks posed by the DLL loading behavior described in
VU#707943. Users and administrators are encouraged to review Microsoft support article
2264107, the Microsoft Security Research & Defense TechNet
blog entry,
and to consider using the Fix it tool to help reduce the risks. Users
should be aware that setting the registry key value as described in the
support article or via the Fix it tool may reduce the functionality of
some third-party applications.
US-CERT will provide updates when additional details become available.
