Microsoft continues to work around DLL vulnerability


#1 Terryala



Posted 01 September 2010 - 06:48 PM


Users wishing to use Microsoft's tool (released last week) to block the DLL vulnerability present in a wide range of programs may find that they have a problem. If the setting for the manually created CWDIllegalInDllSearch registry entry in the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager' path is too strict, programs including Google's Chrome web browser may become unusable. Microsoft has now released a 'fix-it' solution which automatically generates the key and sets it to the less severe value of '2' - this protects users from direct DLL hijacking from network shares. The fix-it requires the original tool to have been previously installed. Microsoft is currently considering distributing it via Windows Update.

Users who want even more security, including protection from DLL hijacking from local media such as USB flash drives, should set the registry key value to 'ffffffff'. This excludes the working directory from the DLL search path in all cases. Problem cases such as Chrome, which is stopped from working by the modified search sequence, can be dealt with by defining exceptions using another registry key. For Chrome, for example, the key takes the form: "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe". A DWORD CWDIllegalInDllSearch value should be created with the value 0.
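
The following read-only audit is an added example, not part of the original post or of Microsoft's tool: it reports the system-wide CWDIllegalInDllSearch value and lists every per-executable override under Image File Execution Options, so an administrator can see which programs have been exempted. The function names `Get-CwdHex` and `Get-CwdMeaning` are hypothetical, and only the three values named in the post are interpreted.

```powershell
# Added example: read-only audit of CWDIllegalInDllSearch. Makes no changes.
$name   = 'CWDIllegalInDllSearch'
$global = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeo   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdHex {
    param([string]$KeyPath)
    # Returns the value as 8 hex digits, or nothing when the value is not set.
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $p) { '{0:X8}' -f $p.$name }
}

function Get-CwdMeaning {
    param([string]$Hex)
    # Interprets only the values described in the post above.
    if (-not $Hex) { return 'not set' }
    switch ($Hex) {
        '00000000' { 'working directory searched as usual (exception)' }
        '00000002' { 'working directory blocked when it is a network share' }
        'FFFFFFFF' { 'working directory never searched' }
        default    { 'other value, not covered by the post' }
    }
}

# System-wide setting
$g = Get-CwdHex $global
Write-Host ("System-wide: {0} ({1})" -f $(if ($g) { "0x$g" } else { '-' }), (Get-CwdMeaning $g))

# Per-executable overrides: each subkey is named after an image, e.g. chrome.exe
Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-CwdHex $_.PSPath
    if ($v) {
        [pscustomobject]@{
            Image   = $_.PSChildName
            Value   = "0x$v"
            Meaning = Get-CwdMeaning $v
        }
    }
} | Format-Table -AutoSize
```

An entry with value 0x00000000 in the table is an exception of the kind the post describes for chrome.exe; any exception that was not created deliberately deserves a second look.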