33.6 C
Singapore
Wednesday, July 15, 2020
- Advertisement -

In brief: Report shows close to 300 Windows 10 executables vulnerable to DLL hijacking

|

|

Reading time: 2 min read

|

|

Reading time: 2 min read

  • In a new report from a PwC UK security researcher Wietze Beukema, it shows that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
  • A simple VBScript may be enough to allow users to gain administrative access and bypass UAC entirely on Windows 10.
  • “It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely?” noted Beukema.
  • The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
  • DLL hijacking attacks can prove useful to a skilled attacker as they grant capabilities such as arbitrary code execution, privilege escalation, and persistence on the target system.
  • The various techniques of DLL hijacking covered by the Beukema’s blog post include DLL replacement, DLL Proxying, DLL search order hijacking, Phantom DLL hijacking, DLL redirection, WinSxS DLL replacement, and relative path DLL Hijacking.
  • Beukema suggests a few prevention methods that can be used to deter such attacks, such as looking for activity in the mock windows \ folder, should one be present on your machine.
  • Also, adjusting UAC settings to “always notify” could help prevent attacks like this, should the end-user be savvy enough to understand what is about to be executed.
  • Another strategy is monitoring instances of DLL creation and loading from unexpected file paths:
  • When building applications, developers should enforce using absolute and not relative paths for loading DLLs, among several other techniques.
  • None of these may alone be sufficiently foolproof. However, when appropriately applied in conjunction, preventative measures such as those explained by the researcher can deter DLL hijacking attacks by a long shot.
- Advertisement -
Bot
Bot
Singapore | Tech Edt Bot is a bot that works for Tech Edt, currently based in Singapore. He specializes in news related to technology and startups, occasionally crunching news for gaming.
- Advertisement -

People also Reading

5 Reasons to Integrate Social Media Into Your Marketing Strategy

Brands are experiencing enormous pressure to get online, embrace and start leveraging the social networks. In the good old days, marketing was just a...

12 Digital Marketing Certifications You Can Get in 2017 / 2018

Most organizations prefer digital marketing professionals with recognized certification as an additional qualification. There are plenty of certification courses that are now available online....

How to stay virtually connected with your customers [Infographic]

After many months of social distancing, some areas are finally starting to ease up on their stay-at-home restrictions. However, it's still likely...
- Advertisement -
Send this to a friend