Security Watch

Holed Up in the Library

A flaw with a curious name, "binary planting," grows out of iTunes on Windows. There's a workaround for that.

Microsoft has released a new security advisory on a vulnerability in the Windows operating system's dynamic link library (DLL). A DLL is Redmond's shared library concept for most of its more prominent iterations of the Windows OS. Redmond said the issue is caused by "specific insecure programming practices that allow so-called 'binary planting' or 'DLL preloading attacks.'"

These practices, according to the security advisory, could "allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location."

The flaw was first uncovered last Thursday by Acros, a security firm in Slovenia, which published an advisory identifying what it called a "binary planting" flaw in iTunes. What does iTunes have to do with Windows? Well, when a user opens a media file like one from iTunes using a remote network share, iTunes will naturally attempt to load additional DLLs during the file-loading process.

In this context, according to experts such as H.D. Moore of Rapid7, the first U.S.-based researcher to make the discovery, and Andrew Storms, director of security at nCircle, a malicious DLL file can ride in unnoticed and a hacker can then execute code remotely.
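To make the mechanism concrete, the following added example (not code from Microsoft, Acros or the researchers quoted here) models in Python the documented Windows search order for a DLL requested by bare file name. The directory layout, the DLL name `optional_codec.dll` and the `cwd_allowed` switch are assumptions for illustration; `cwd_allowed=False` stands in for an application that removes the current directory from its search path, as the Windows `SetDllDirectory("")` call does.

```python
import os
import tempfile

def search_order(app_dir, system_dirs, cwd, path_dirs, safe_mode=True, cwd_allowed=True):
    """Directories probed, in order, for a DLL requested by bare file name."""
    order = [app_dir]
    if cwd_allowed and not safe_mode:
        order.append(cwd)        # legacy order: current directory right after the app's
    order += system_dirs
    if cwd_allowed and safe_mode:
        order.append(cwd)        # safe search mode: current directory after system dirs
    return order + path_dirs

def resolve(dll_name, order):
    """First directory in `order` that holds dll_name, or None if the load would fail."""
    for directory in order:
        if os.path.isfile(os.path.join(directory, dll_name)):
            return directory
    return None

def demo(dll="optional_codec.dll"):      # hypothetical DLL name
    """Resolve a DLL that is not installed while the working directory is a share."""
    with tempfile.TemporaryDirectory() as root:
        d = {n: os.path.join(root, n) for n in ("app", "system32", "windows", "share")}
        for path in d.values():
            os.makedirs(path)
        # Constructed layout: an empty placeholder file sits next to the opened document.
        open(os.path.join(d["share"], dll), "w").close()
        layout = dict(app_dir=d["app"], system_dirs=[d["system32"], d["windows"]],
                      cwd=d["share"], path_dirs=[])
        results = {}
        for label, kwargs in (("legacy", {"safe_mode": False}),
                              ("safe_mode", {}),
                              ("cwd_removed", {"cwd_allowed": False})):
            hit = resolve(dll, search_order(**layout, **kwargs))
            results[label] = os.path.basename(hit) if hit else None
        return results

if __name__ == "__main__":
    print(demo())
```

Safe search mode only reorders the probe: when the requested DLL exists nowhere else, the current directory still supplies it, so the load resolves to the share in both of the first two cases. Only the configuration that drops the current directory makes the load fail instead.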

"The big question of the day doesn't concern third-party application developers that didn't follow Microsoft's programming advice and so are vulnerable to this category of attack," said Storms. "The big question is, which of Microsoft's own products are vulnerable? Microsoft information so far is still skirting this important question."

A consensus among security experts is that the best mitigation, other than to wait and see what Microsoft says in its advisory (which should be released anytime this week), is to block Windows Server Message Block (SMB) at the perimeter and disable the Web client service.

Exploit research expert H.D. Moore gave more background on Sunday about how the hack actually goes down, through his proofs of concept outlined in this blog post.

Also, in February, Taeho Kwon and Zhendong Su at the University of California at Davis published "Automatic Detection of Vulnerable Dynamic Component Loadings," a scholarly look at the subject.

Kwon and Su's work is significant as Kwon told Computerworld this week that he didn't think Microsoft intended to patch the issue, but instead would fix the problem in upcoming Windows OS and Microsoft Office service packs.

For its part, Microsoft said it is investigating whether any of its own applications are affected by insecure library loading vulnerabilities and will "take appropriate action to protect its customers." These "appropriate actions," of course, could include more detailed workarounds, updates in new service packs or even a reversal of the stance on not patching this issue.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
