Thursday, 3 July 2025

In brief: Report shows close to 300 Windows 10 executables vulnerable to DLL hijacking

  • A new report from PwC UK security researcher Wietze Beukema shows that almost 300 Windows 10 executables are vulnerable to DLL hijacking.
  • A simple VBScript may be enough to allow users to gain administrative access and bypass UAC entirely on Windows 10.
  • “It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely?” noted Beukema.
  • The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
  • DLL hijacking attacks can prove useful to a skilled attacker as they grant capabilities such as arbitrary code execution, privilege escalation, and persistence on the target system.
  • The DLL hijacking techniques covered by Beukema’s blog post include DLL replacement, DLL proxying, DLL search order hijacking, phantom DLL hijacking, DLL redirection, WinSxS DLL replacement, and relative path DLL hijacking.
  • Beukema suggests a few prevention methods that can be used to deter such attacks, such as looking for activity in the mock “Windows \” folder (note the trailing space in the name), should one be present on your machine.
  • Also, adjusting UAC settings to “always notify” could help prevent attacks like this, should the end-user be savvy enough to understand what is about to be executed.
  • Another strategy is monitoring instances of DLL creation and loading from unexpected file paths.
  • When building applications, developers should enforce using absolute and not relative paths for loading DLLs, among several other techniques.
  • None of these measures is foolproof on its own. However, when applied together, preventative measures such as those explained by the researcher can go a long way towards deterring DLL hijacking attacks.
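
The monitoring strategy in the list above, sketched as an added example (not code from Beukema's report or from this article): it scans constructed image-load events, shaped like Sysmon Event ID 7 records, and flags System32-named executables that run from outside the real system folders or from a mock folder. The sample events, the `SYSTEM32_EXES` set and all function names are assumptions made for illustration.

```python
import ntpath

# Constructed sample events shaped like Sysmon image-load records
# (Image = process path, ImageLoaded = DLL path). Not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\example.exe",
     "ImageLoaded": r"C:\Windows\System32\example.dll"},
    {"Image": r"C:\Windows \System32\example.exe",
     "ImageLoaded": r"C:\Windows \System32\example.dll"},
    {"Image": r"C:\Users\demo\Downloads\example.exe",
     "ImageLoaded": r"C:\Users\demo\Downloads\example.dll"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\helper.dll"},
]

# Assumption: in practice this set is built from an inventory of the real
# System32 folder; the single name here is a placeholder.
SYSTEM32_EXES = {"example.exe"}
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def has_mock_component(path):
    """True if any folder name in the path ends with a space, e.g. 'Windows '."""
    folders = path.split("\\")[1:-1]
    return any(name != name.rstrip(" ") for name in folders)


def in_trusted_dir(path):
    """True if the file sits in (or below) one of the real system folders."""
    folder = ntpath.dirname(path).lower()
    return any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS)


def classify(event):
    """Return the reasons an image load looks like relative path DLL hijacking."""
    image, dll = event["Image"], event["ImageLoaded"]
    reasons = []
    if has_mock_component(image) or has_mock_component(dll):
        reasons.append("mock-folder")
    if ntpath.basename(image).lower() in SYSTEM32_EXES and not in_trusted_dir(image):
        reasons.append("system-exe-relocated")
    if reasons and ntpath.dirname(dll).lower() == ntpath.dirname(image).lower():
        reasons.append("dll-beside-exe")
    return reasons


def scan(events):
    """Return (process path, reasons) for every event with at least one reason."""
    return [(e["Image"], r) for e in events if (r := classify(e))]
```
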
