A long blog title, I know, but this update from Microsoft is a bit complicated.
About a week ago, Computer World reported a story that Keith Ward blogged about concerning a serious security issue affecting hundreds of Windows applications. The issue is caused by the way many programs load DLLs and related files.
Computer World quoted Mitja Kolsek, CEO of Acros Security here:
"The main enabler for this attack is the fact that Windows includes the current working directory in the search order when loading executables," he said. Hackers can use that to trick a wide range of Windows applications into loading malicious files, just as they normally do their own .dll or .exe files.
This update from Microsoft creates a new registry key that software developers can use to exclude the current working directory from the search order, preventing this avenue of attack.
The caveat here is that your software vendor must update your program to use this new registry key to prevent this security vulnerability. Microsoft could fix this problem itself by removing the current working directory from the search order by default, but that would immediately break many programs.
In my opinion, the best solution is what is being done - Microsoft provides the means to fix the problem and the program developers update their programs to solve the problem.
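To make the search-order issue concrete, here is an added example (not code from the original post or from Microsoft) that models a simplified search order in Python and reports which library names resolve differently once the current working directory is excluded. The directory layout, file names and function names are constructed for illustration, and the order used (application directory, system directories, current working directory, PATH) is a simplification of the real Windows behaviour.

```python
import os
import tempfile

def search_order(app_dir, system_dirs, cwd, path_dirs, include_cwd=True):
    # Simplified model (an assumption of this example): application directory,
    # system directories, current working directory, then PATH entries.
    order = [app_dir] + list(system_dirs)
    if include_cwd:
        order.append(cwd)
    return order + list(path_dirs)

def resolve(name, order):
    # The first directory in the order that contains the file wins.
    for directory in order:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def cwd_dependent_loads(names, app_dir, system_dirs, cwd, path_dirs):
    # Report every library whose resolved path changes once the CWD is excluded.
    findings = []
    for name in names:
        with_cwd = resolve(name, search_order(app_dir, system_dirs, cwd, path_dirs, True))
        without = resolve(name, search_order(app_dir, system_dirs, cwd, path_dirs, False))
        if with_cwd != without:
            findings.append((name, with_cwd, without))
    return findings

def demo():
    # Constructed layout: every directory and file name below is made up.
    root = tempfile.mkdtemp(prefix="dllorder-")
    layout = {
        "app": ["core.dll"],
        "system32": ["kernel32.dll"],
        "cwd": ["kernel32.dll", "optional.dll"],  # folder a document was opened from
        "tools": [],                              # stands in for a PATH entry
    }
    for directory, files in layout.items():
        os.makedirs(os.path.join(root, directory))
        for name in files:
            open(os.path.join(root, directory, name), "w").close()
    dirs = {d: os.path.join(root, d) for d in layout}
    return cwd_dependent_loads(
        ["core.dll", "kernel32.dll", "optional.dll"],
        dirs["app"], [dirs["system32"]], dirs["cwd"], [dirs["tools"]])

if __name__ == "__main__":
    for name, with_cwd, without in demo():
        print(f"{name}: {with_cwd} with CWD searched, {without} with CWD excluded")
```

Only the library that is missing from the earlier directories is flagged; names that the application or system directory already provides resolve the same way in both cases, which is why excluding the current working directory protects most loads without changing them.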
What this update does:
This patch from Microsoft updates several core Windows files, the most well known of which is ntdll.dll.
This update applies to you if: you're running any supported version of Windows including Windows 7, Windows Vista, Windows XP, Windows Server 2008 R2, Server 2008, and Server 2003.
More Information:
This update concerns a serious security-related issue. You should install this update and then update any other program that discusses this issue as well. Some of your programs may need to be updated and some may not, but none of those updates will be issued by Microsoft unless they are updates to Microsoft programs.
Both 32-bit and 64-bit versions of the above Windows operating systems are affected.
You may be asked to restart your computer after installing this update.
Automatically install: via Windows Update.
Manually install: via the download link for your operating system here.
Details from Microsoft: Knowledge Base Article 2264107
Thank you Tim /
Your messages are very useful/