Microsoft on Monday issued a security advisory outlining a remote attack vector for a class of vulnerabilities that muck with the way applications load external libraries.
"This issue is caused by specific insecure programming practices that allowed so-called 'binary planting' or 'DLL preloading attacks.' These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted application," Microsoft warned.
Microsoft has taken a number of steps to help developers combat the potential risk, including reaching out to third-party vendors through the Microsoft Vulnerability Research Program to let them know of the mitigations available in the OS, and also has released a tool that allows system admins to alter the library loading behavior system-wide or for specific apps.
The reports of the vulnerability first surfaced after researcher Laurent Gaffie detailed the alleged threat and furnished the proof-of-concept code to make his case. Gaffie’s decision to go public with his findings without informing Microsoft hasn’t gone down well with the company.
After investigating the claims Microsoft acknowledged, in a blog post, that the proof-of-concept code does force WMP to crash but it can not be used for remote code execution.