Link: http://tech.slashdot.org/story/10/08/24/0520245/Windows-DLL-Vulnerability-Exploit-In-the-Wild
This is troubling, I can expect a wave of dead systems coming. There's a vulnerability in the way Windows handles looking for a DLL file - and many apps are affected.
Many Windows programs can be exploited simply by tricking users into visiting malicious Web sites or opening malformed documents because of the way the software loads code libraries -- dubbed "dynamic-link library," or ".dll" in Windows -- as well as executable ".exe" and ".com" files. If hackers can plant disguised malware in one of the directories an application searches when it looks for those files, they can hijack the PC.
This one won't go away quickly - so prepare for trouble. Microsoft has released a tool to mitigate the issue but it's mostly for corporate and not very end user friendly.
There are other workarounds customers could take, including blocking outbound SMB (Server Message Block) traffic at the firewall and disabling Windows' built-in Web client.
But you know that 99% of people won't have a clue how to do this.
So if you're a system repairer or tech get ready for some extra work.
- by
Rob