Microsoft Releases 'Fix it' Help for DLL Security Flaw

Microsoft updated its security advisory today concerning a dynamic link library (DLL) issue and published a "Fix it" solution to help address the problem.

The issue potentially involves hundreds of applications that may fail to specify a direct path to DLL files when accessing a remote server. These poorly written applications could be subject to a hacking method called "DLL preloading attacks" or "binary planting," Microsoft explained last week. In essence, applications that reference DLL files without a specified path could pick up a planted malware files instead.

The new Fix it solution, which is buried in a Knowledge Base support article linked to the revised security advisory, is designed to simplify matters for IT pros. It's supposed to be a one-click solution to the DLL security issue. However, Microsoft added some caveats before using the Fix it solution. IT pros should first download and install update 2264107 (the workaround), which is available in a series of links below the Fix it description in the Knowledge Base article.

The next step is to configure the workaround by clicking the Fix it button. Alternatively, users can manually configure the workaround through the Windows registry. Either way, this fix will "block nonsecure DLL loads from WebDAV and SMB locations," according to the article.

The DLL problem is either associated with remote servers using WebDAV (or "Web-based Distributed Authoring and Versioning"), which is used with Internet Information Services component in Windows, or with remote servers using the Server Message Block (SMB) protocol.

Spokesperson Jerry Bryant for the Microsoft Security Response Center noted that the Fix it solution just configures the workaround tool.

"This tool provides a framework for customers to modify the behavior of the DLL search path algorithm and essentially block[s] unsafe DLL loading," Bryant explained in a blog post. "When installed, this tool [the workaround] still needs to be configured in order to block malicious behavior, and customers have asked us for our recommended setting. As a result, our Security Research & Defense team has written a detailed blog post on this topic and has worked with our Microsoft Fix-it team to develop a Fix-it to enable our recommended setting which blocks most network-based attack vectors. (Please note that the [workaround] tool needs to be installed prior to enabling the Fix-it.)"

Microsoft hasn't issued a patch yet and isn't saying that it will. The problem originates, in part, due to the poor security practices of software coders. Consequently, Microsoft's security team has not described the severity of the exploit. However, Bryant wrote that the DLL vulnerability is "important" for IT pros to address. Those users subject to this DLL security problem have to "click through a series of warnings and dialogs to open a malicious file," he explained.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Ending Azure Container Service Support in 2020

    Microsoft gave notice earlier this month that it will be ending its Azure Container Service on Jan. 31, 2020.

  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

  • Microsoft Now Supports OpenSSH in Windows Server 2019

    Microsoft announced on Tuesday that the OpenSSH solution used for remote management is now a supported "Features on Demand" addition in both Windows 10 version 1809 and Windows Server 2019.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.