DLL-preloading Remote Attack Vector coming To Windows Server Update Services (WSUS)

Last week, Microsoft released SA 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting apps that load dynamic-link libraries (DLL's) in an insecure manner. And, also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. When installed, this tool still needs to be configured in […]

Last week, Microsoft released SA 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting apps that load dynamic-link libraries (DLL's) in an insecure manner. And, also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. When installed, this tool still needs to be configured in order to block malicious behavior, as a result, SRD team has written a detailed post on this topic and has worked with Microsoft Fix-it team to develop a Fix-it to enable recommended setting which blocks most network-based attack vectors. Note the above tool needs to be installed prior to enabling Fix-it.

Microsoft is also working with Windows Update team to add it to WU catalog to make it easier to deploy via WSUS.

For Detailed Instructions: An update on the DLL-preloading remote attack vector