Friday, 5 September 2025

In brief: Report shows close to 300 Windows 10 executables vulnerable to DLL hijacking

  • A new report from PwC UK security researcher Wietze Beukema shows that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
  • A simple VBScript may be enough to allow users to gain administrative access and bypass UAC entirely on Windows 10.
  • “It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely?” noted Beukema.
  • The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
  • DLL hijacking attacks can prove useful to a skilled attacker as they grant capabilities such as arbitrary code execution, privilege escalation, and persistence on the target system.
  • The DLL hijacking techniques covered in Beukema’s blog post include DLL replacement, DLL proxying, DLL search order hijacking, phantom DLL hijacking, DLL redirection, WinSxS DLL replacement, and relative path DLL hijacking.
  • Beukema suggests a few prevention methods that can be used to deter such attacks, such as looking for activity in the mock “Windows \” folder (a directory named “Windows” followed by a trailing space), should one be present on your machine.
  • Also, adjusting UAC settings to “always notify” could help prevent attacks like this, should the end-user be savvy enough to understand what is about to be executed.
  • Another strategy is monitoring instances of DLL creation and loading from unexpected file paths.
  • When building applications, developers should enforce using absolute and not relative paths for loading DLLs, among several other techniques.
  • None of these measures may be foolproof on its own. However, when applied together, preventative measures such as those explained by the researcher can go a long way towards deterring DLL hijacking attacks.
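
As an added illustration of the two monitoring ideas above (the mock “Windows \” folder and DLL loads from unexpected paths), the following Python example triages image-load records; it is not code from Beukema's report or from this article. The trusted-directory list, the `sysbinary.exe` and `helper.dll` names and the sample events are constructed assumptions, and the `Image` / `ImageLoaded` field names follow Sysmon event ID 7.

```python
import ntpath

# Assumptions (not from the article): directories Windows binaries normally load
# DLLs from, and an inventory of executable names taken from a clean System32.
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\winsxs")
KNOWN_SYSTEM_EXES = {"sysbinary.exe"}  # constructed placeholder name

def in_trusted_dir(path):
    d = ntpath.dirname(path).lower()
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)

def has_mock_dir(path):
    # A directory component ending in a space ("C:\Windows \System32") is a
    # different folder from the real one even though it looks identical.
    return any(p.endswith(" ") for p in path.split("\\")[:-1])

def classify(event):
    """Return the reasons an image-load record deserves a closer look."""
    image, dll = event["Image"], event["ImageLoaded"]
    reasons = []
    if has_mock_dir(image) or has_mock_dir(dll):
        reasons.append("mock-trusted-directory")
    # A binary in a trusted directory pulling a DLL from elsewhere.
    if in_trusted_dir(image) and not in_trusted_dir(dll):
        reasons.append("dll-from-unexpected-path")
    # A system executable name running outside System32 with a DLL beside it.
    same_dir = ntpath.dirname(image).lower() == ntpath.dirname(dll).lower()
    if (ntpath.basename(image).lower() in KNOWN_SYSTEM_EXES
            and not in_trusted_dir(image) and same_dir):
        reasons.append("relocated-system-exe-loads-local-dll")
    return reasons

# Constructed sample records; all paths and file names are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sysbinary.exe", "ImageLoaded": r"C:\Windows\System32\helper.dll"},
    {"Image": r"C:\Windows \System32\sysbinary.exe", "ImageLoaded": r"C:\Windows \System32\helper.dll"},
    {"Image": r"C:\Users\alice\Downloads\sysbinary.exe", "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll"},
    {"Image": r"C:\Windows\System32\sysbinary.exe", "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll"},
]

def triage(events):
    """Keep only the records that matched at least one rule."""
    return [(e["ImageLoaded"], r) for e in events if (r := classify(e))]

if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_EVENTS):
        print(dll, "->", ", ".join(reasons))
```

The `dll-from-unexpected-path` rule also fires for legitimately installed third-party DLLs, so the trusted-directory list needs tuning against a baseline of the environment before alerting on it.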
