[this post comes from Nerds Dennis Houseknecht]

For the past couple days, I have been trying to figure out how to best summarize this newly-revealed security issue. Fortunately, Steve Gibson and Leo Laporte explain the details quite well in this week's issue of Security Now. Here are the highlights:
– This problem is a result of the way Windows loads any .dll files that are required to help a program run. Windows goes through a complex series of steps to locate the required .dll files, but starts with the program’s working directory.
– Some programs, when loading remote files, change the working directory to that of the remote file. There are at least 200 programs that do this, making them vulnerable to this exploit. Apple has patched iTunes, but other vulnerable programs include Firefox, uTorrent, PowerPoint, Wireshark, Microsoft Movie Maker, and many more.
– If an attacker can get a program on your computer to load a remote file and then supply a malicious .dll file from the remote location, your computer could be compromised.
– Remote file loading of this kind works over both SMB (Server Message Block, used for sharing files on a local network) and WebDAV (used for sharing files over HTTP). Therefore, this vulnerability can be exploited over local networks or the internet.
– There are no known exploits in the wild yet, but we can expect to see many attacks surface in the coming days and weeks.
– Microsoft will not be issuing a patch for this because changing the way Windows loads .dll files would cause many programs to break. Rather, the vendors of the vulnerable programs will need to issue patches.
– Microsoft has released a security advisory. You can get information here, and here, and here.
– Here is additional information from Rapid7.
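
A defender's check for the pattern described above, as an added example that is not part of the original post: it flags DLLs that a process loaded from a remote working directory, and tells SMB from WebDAV by the UNC host form. The record layout, sample data and function names are constructed for illustration.

```python
import ntpath

# Constructed sample records (not real telemetry): process image, working
# directory at load time, and the full path of a DLL that was loaded.
SAMPLE_LOADS = [
    (r"C:\Program Files\Player\player.exe", r"C:\Users\alice\Music",
     r"C:\Windows\System32\version.dll"),
    (r"C:\Program Files\Player\player.exe", r"\\fileserver\media\albums",
     r"\\fileserver\media\albums\codec.dll"),
    (r"C:\Program Files\Viewer\viewer.exe", r"\\files.example@SSL\DavWWWRoot\docs",
     r"\\files.example@SSL\DavWWWRoot\docs\helper.dll"),
    (r"C:\Program Files\Viewer\viewer.exe", r"\\fileserver\docs",
     r"C:\Program Files\Viewer\plugins\render.dll"),
]


def remote_kind(path):
    """Return 'webdav', 'smb' or None for a Windows path."""
    drive, _ = ntpath.splitdrive(path)
    if not drive.startswith("\\\\"):
        return None  # drive-letter path; mapped network drives are not resolved here
    host = drive[2:].split("\\", 1)[0]
    # The Windows WebDAV redirector writes hosts as host@SSL or host@port.
    return "webdav" if "@" in host else "smb"


def flag_remote_loads(records):
    """Return (process, dll, kind) for DLLs loaded from a remote working directory."""
    findings = []
    for image, cwd, dll in records:
        kind = remote_kind(dll)
        if kind is None:
            continue  # DLL came from a local path
        dll_dir = ntpath.normcase(ntpath.dirname(dll))
        if dll_dir == ntpath.normcase(cwd.rstrip("\\")):
            findings.append((ntpath.basename(image), ntpath.basename(dll), kind))
    return findings


if __name__ == "__main__":
    for proc, dll, kind in flag_remote_loads(SAMPLE_LOADS):
        print(f"{proc}: loaded {dll} from its {kind} working directory")
```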