It is definitely going to take some time before vendors implement the following: http://support.microsoft.com/kb/2389418
The number is definitely going to get well into the hundreds of apps. Interestingly enough, I'll bet that fixing this one issue is going to lead to all sorts of improved stability for many users, given the many places DLLs might get loaded today based on the vagaries of SearchPath vs LoadLibrary API usage. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Thu, Aug 26, 2010 at 1:18 AM, Carl Houseman <c.house...@gmail.com> wrote: > And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media > player, Avast, Camtasia, SnagIt, Live Mail, Powerpoint. > > > > And those are likely just the beginning. I'd expect the number to get to > 100's of apps. > > > > As for remedy, you either wait for the apps be updated or patched with > secure DLL loading code, or you implement the workaround patch from > Microsoft that you don't like. > > > > Carl > > > > *From:* HELP_PC [mailto:g...@enter.it] > *Sent:* Thursday, August 26, 2010 1:04 AM > > *To:* NT System Admin Issues > *Subject:* Insecure Library Loading Vulnerability > > > > > > According to Secunia already found vulnerabilities on Windows Address Book > and Office Groove. > Are we going to an out of band remedy ? > > *GuidoElia* > *HELPPC* > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
