Windows DLL Bug Could Affect Hundreds of Programs
A security expert says he's seen a record response to the recently named "Windows DLL bug," which can allow hackers to remotely control infected PCs. Mati Aharoni predicts the number of affected applications will soon be in the hundreds.
This week, Microsoft published a temporary workaround that prevents the exploit from occurring. It's working with third-party application developers to find individual and permanent solutions, but is still extremely wary of issuing a fix to Windows itself.
The issue involves a system in Windows known as dynamic link libraries (DLLs), a way of packaging code so that it can be used by multiple applications at once. That's causing problems because most applications are set to automatically open any DLL files in their directories. While that's always been theoretically open to abuse, several researchers have recently discovered ways to inject bogus (and infected) DLL files into those directories without needing physical access to a machine.
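To make the mechanism concrete, here is an added example (not code from the article, Microsoft or the researchers): a simplified Python model of how a DLL requested by bare name is resolved. The three-directory search order, the folder names and the DLL names are assumptions constructed for illustration; the real Windows search list is longer.

```python
import os
import tempfile

def search_order(app_dir, system_dir, cwd, include_cwd=True):
    """Simplified model of the directories tried for a DLL named without a path.
    Assumption: real Windows checks more locations; these three are enough to
    show why the current working directory matters."""
    order = [app_dir, system_dir]
    if include_cwd:
        order.append(cwd)
    return order

def resolve(dll_name, order):
    """Return the full path of the first match (case-insensitive), or None."""
    wanted = dll_name.lower()
    for directory in order:
        for entry in os.listdir(directory):
            if entry.lower() == wanted:
                return os.path.join(directory, entry)
    return None

def demo():
    """Build a constructed layout and resolve two DLL names under both policies."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dirs = {name: os.path.join(root, name) for name in ("app", "system", "share")}
        for path in dirs.values():
            os.mkdir(path)
        # Constructed sample files: common.dll is installed in the system folder.
        # The "share" folder stands for the directory a document was opened from;
        # it holds an untrusted copy of common.dll plus optional.dll, which is
        # not installed anywhere else on the machine.
        open(os.path.join(dirs["system"], "common.dll"), "w").close()
        open(os.path.join(dirs["share"], "common.dll"), "w").close()
        open(os.path.join(dirs["share"], "optional.dll"), "w").close()
        for label, include_cwd in (("cwd searched", True), ("cwd removed", False)):
            order = search_order(dirs["app"], dirs["system"], dirs["share"], include_cwd)
            results[label] = {}
            for name in ("common.dll", "optional.dll"):
                hit = resolve(name, order)
                # Record only which folder supplied the DLL (None = load fails).
                results[label][name] = os.path.basename(os.path.dirname(hit)) if hit else None
    return results

if __name__ == "__main__":
    for policy, outcome in demo().items():
        print(policy, outcome)
```

In this model the copy of a DLL that exists in a trusted folder always wins; the exposure is the DLL that is missing everywhere else, which is satisfied from the document's folder unless that folder is dropped from the search.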
Affected List Grows Rapidly
Since the news broke, numerous exploits have emerged. One of the researchers even produced a tool that can check an application to see whether it is vulnerable. Aharoni, who operates the exploit-db.com database, says that this Tuesday saw the highest number of reported exploits in the database's history, all stemming from the DLL issue. (Source: cnet.com)
Another company says it has discovered 121 different ways to exploit the issue without requiring physical access, covering 41 different applications. Aside from two of the bugs, it's not currently revealing the details to either the general public (including hackers) or Microsoft. (Source: reuters.com)
No Easy Solutions Available
There's some debate over whether this is a problem with Windows itself, or with individual applications; in truth it's arguably both. Tackling the problem on an application-by-application basis may be necessary, because exploits are different in each case.
In theory, Windows could be updated to overcome the problem. In reality, that would prove a technical challenge. The likely result would be that applications would cease working until they were themselves updated to take account of the change to Windows.
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years' experience; I also run this website! If you need technical assistance, I can help.