31Ağu
An update on the DLL-preloading remote attack vector
Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior. Today we wanted to provide an update by answering several questions we have received from customers and addressing common misperceptions about the risk posed by this class of vulnerability.