Wednesday, 2 July 2025

In brief: Report shows close to 300 Windows 10 executables vulnerable to DLL hijacking

  • A new report from PwC UK security researcher Wietze Beukema shows that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
  • A simple VBScript may be enough to allow users to gain administrative access and bypass UAC entirely on Windows 10.
  • “It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely?” noted Beukema.
  • The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
  • DLL hijacking attacks can prove useful to a skilled attacker as they grant capabilities such as arbitrary code execution, privilege escalation, and persistence on the target system.
  • The DLL hijacking techniques covered in Beukema’s blog post include DLL replacement, DLL proxying, DLL search order hijacking, phantom DLL hijacking, DLL redirection, WinSxS DLL replacement, and relative path DLL hijacking.
  • Beukema suggests a few prevention methods that can be used to deter such attacks, such as looking for activity in the mock “Windows \” folder (note the trailing space in the name), should one be present on your machine.
  • Also, adjusting UAC settings to “always notify” could help prevent attacks like this, should the end-user be savvy enough to understand what is about to be executed.
  • Another strategy is monitoring instances of DLL creation and loading from unexpected file paths.
  • When building applications, developers should enforce using absolute and not relative paths for loading DLLs, among several other techniques.
  • None of these measures is likely to be foolproof on its own. However, when appropriately applied in conjunction, preventative measures such as those explained by the researcher can deter DLL hijacking attacks by a long shot.
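
The two monitoring ideas above (watching the mock “Windows \” folder and flagging DLL loads from unexpected paths) can be combined into one triage check. The sketch below is an added example, not code from Beukema's report. It assumes image-load records with `Image` and `ImageLoaded` fields, as in Sysmon Event ID 7, a default install on `C:`, and a hypothetical executable name `sysutil.exe`; the sample events are constructed.

```python
import ntpath

# Assumption: Windows is installed on C: with the default layout.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def has_mock_component(path):
    """True if a directory in the path ends with a space, e.g. 'C:\\Windows \\System32'."""
    parts = path.split("\\")[:-1]          # drop the file name
    return any(p and p != p.rstrip(" ") for p in parts)

def classify(event, system_exe_names):
    """Return findings for one image-load event (dict with Image and ImageLoaded)."""
    image, dll = event["Image"], event["ImageLoaded"]
    # Compare paths literally: trimming spaces here would hide the mock folder.
    exe_dir = ntpath.dirname(image).lower()
    dll_dir = ntpath.dirname(dll).lower()
    findings = []
    if has_mock_component(image) or has_mock_component(dll):
        findings.append("mock-directory")
    if ntpath.basename(image).lower() in system_exe_names and exe_dir not in TRUSTED_DIRS:
        findings.append("relocated-system-exe")
        if dll_dir == exe_dir:
            findings.append("dll-beside-relocated-exe")
    return findings

# Constructed inventory of System32 executable names (hypothetical name).
SYSTEM_EXES = {"sysutil.exe"}

# Constructed sample events, shaped like Sysmon image-load records.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sysutil.exe",
     "ImageLoaded": r"C:\Windows\System32\helper.dll"},
    {"Image": r"C:\Windows \System32\sysutil.exe",
     "ImageLoaded": r"C:\Windows \System32\helper.dll"},
    {"Image": r"C:\Users\alice\Downloads\sysutil.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\lib.dll"},
]

def scan(events, system_exe_names):
    """Return (event, findings) pairs for every event with at least one finding."""
    hits = [(e, classify(e, system_exe_names)) for e in events]
    return [(e, f) for e, f in hits if f]

if __name__ == "__main__":
    for event, findings in scan(SAMPLE_EVENTS, SYSTEM_EXES):
        print(event["Image"], "->", ", ".join(findings))
```

In practice the name inventory would be built from a known-good System32 listing, and any hit is a lead for review, not proof of compromise.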
