Microsoft has released a work-around tool to ward off attacks that exploit dynamic-link library (DLL) loading vulnerabilities...
while administrators update affected applications.
The company has recognised it may take some time for administrators to check and update all affected Microsoft and third-party applications.
A week after issuing a security advisory on the issue, Microsoft has also pledged to address DLL loading vulnerabilities in its software.
"This will primarily be in the form of security updates or defense-in-depth updates," according to Jerry Bryant, group manager of security response communications at Microsoft.
"DLL preloading is a well-known class of vulnerabilities and we have had guidance for developers in place for quite some time. We have recently updated that guidance to provide more clarity," Jerry Bryant wrote in a blog post.
Bryant said the work-around tool provides a framework to modify the behaviour of the DLL search path algorithm and block unsafe DLL loading.
But the tool still needs to be configured, and Microsoft has released a Fix-it to do this, he said.
Administrators will have to instal the work-around tool for the fix to work, said Bryant.
In response to enterprise requests to make it easier for them to deploy this tool, Bryant said Microsoft plans to add the tool to the Windows Update catalogue within weeks.
"This will make it easier for those running Windows Server Update Services (WSUS) to deploy," he said.