Tuesday, 16 September 2025
30.3 C
Singapore
33.6 C
Thailand
28.3 C
Indonesia
27.4 C
Philippines

In brief: Report shows close to 300 Windows 10 executables vulnerable to DLL hijacking

  • In a new report from a PwC UK security researcher Wietze Beukema, it shows that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
  • A simple VBScript may be enough to allow users to gain administrative access and bypass UAC entirely on Windows 10.
  • “It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely?” noted Beukema.
  • The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
  • DLL hijacking attacks can prove useful to a skilled attacker as they grant capabilities such as arbitrary code execution, privilege escalation, and persistence on the target system.
  • The various techniques of DLL hijacking covered by the Beukema’s blog post include DLL replacement, DLL Proxying, DLL search order hijacking, Phantom DLL hijacking, DLL redirection, WinSxS DLL replacement, and relative path DLL Hijacking.
  • Beukema suggests a few prevention methods that can be used to deter such attacks, such as looking for activity in the mock windows \ folder, should one be present on your machine.
  • Also, adjusting UAC settings to “always notify” could help prevent attacks like this, should the end-user be savvy enough to understand what is about to be executed.
  • Another strategy is monitoring instances of DLL creation and loading from unexpected file paths:
  • When building applications, developers should enforce using absolute and not relative paths for loading DLLs, among several other techniques.
  • None of these may alone be sufficiently foolproof. However, when appropriately applied in conjunction, preventative measures such as those explained by the researcher can deter DLL hijacking attacks by a long shot.

Hot this week

Canon unveils next-generation video production equipment to elevate cinematic storytelling

Canon launches EOS C50, RF85mm f/1.4L VCM, and CN5x11 IAS T R1/P1 to support next-generation video production and storytelling.

AMD executive says AI is underhyped and still in its early stages

AMD’s Jack Huynh says AI is underhyped, with AMD working on innovations not yet invented and set to reveal more at CES 2026.

JFrog launches AppTrust to strengthen software release governance

JFrog introduces AppTrust, a governance solution that improves compliance, security, and trust in enterprise software releases.

China’s retail market shifts as instant commerce rivalry intensifies

China’s retail market is being reshaped as Alibaba, Meituan and JD.com battle for dominance in instant commerce with fast, low-cost deliveries.

Canon Singapore partners with Darren Heath to inspire creativity and community

Canon Singapore partners with racing photographer Darren Heath for a seminar and community events to inspire creativity in Singapore.

Biwin unveils Mini SSD, a tiny storage device that could replace microSD cards

Biwin launches Mini SSD, a tiny yet powerful storage device that could replace microSD cards if industry standards are adopted.

Apple brings major upgrades to Powerbeats Pro 2 with iOS 26

Apple adds heart rate, fitness, and smart usability upgrades to Powerbeats Pro 2 with iOS 26, launching on 15 September.

UltraGreen.ai secures US$188 million anchor investment at US$1.3 billion valuation

UltraGreen.ai secures US$188 million anchor investment led by 65EP, Vitruvian, and August, valuing the firm at US$1.3 billion.

ConnectingDNA launches AI-powered DNA wellness marketplace in Singapore

ConnectingDNA launches the world’s first AI-powered DNA wellness marketplace in Singapore, offering personalised health insights and secure data protection.

Related Articles

Popular Categories