It appears that this new vulnerability requires programs to adopt secure DLL loading. As Microsoft says they can't fix the issue by patching Windows as it would mess up a lot of programs so it is up to programmers to fix it in their own programs. This applies to all programs that load external libraries (DLL files) one way or another - so it applies to ICS as well as it loads SSLEAY32.DLL and other DLL's
The solution is to load DLL files in a secure manner as described here: Dynamic-Link Library Security - how to load libraries securely: http://msdn.microsoft.com/en-us/library/ff919712%28VS.85%29.aspx More info about this vulnerability: Microsoft Security Advisory (2269637): http://www.microsoft.com/technet/security/advisory/2269637.mspx http://www.f-secure.com/weblog/archives/00002018.html Google search on this issue: http://www.google.com/search?q=KB+2269637 -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
