Tuesday, July 12, 2011

API enhancements for Windows in KB2533623

With this week’s update you may find the Update for Windows 7 for x64-based Systems (KB2533623) and is available for Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

Microsoft has released new API enhancements for Windows to help developers correctly and securely load external libraries. For more information, visit the following Microsoft webpages describing these three APIs.

SetDefaultDllDirectories
Specifies a default set of directories to search when the calling process loads a DLL. This search path is used when LoadLibraryEx is called with no LOAD_LIBRARY_SEARCH flags.

AddDllDirectory
Adds a directory to the process DLL search path.

RemoveDllDirectory
Removes a directory that was added to the process DLL search path by using AddDllDirectory.

Microsoft has also released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website: http://www.microsoft.com/technet/security/advisory/2269637.mspx

Insecure Library Loading Could Allow Remote Code Execution.

The update in Microsoft Knowledge Base Article 2533623 implements Application Programming Interface (API) enhancements in Windows to help developers correctly and securely load external libraries. This update for Windows is available in the "High Priority" Updates category for customers who have not already received the update through automatic updating.

Developers can help to ensure their programs load DLLs properly to avoid "DLL preloading" or "binary planting" attacks by following the guidance provided in Microsoft Knowledge Base Article 2533623 to take advantage of the API enhancements provided by this update.

No comments:

Post a Comment

Subscribe to the comments feed

Some of the latest blog posts

Subscribe to RSS headline updates from:
Powered by FeedBurner

Contact Us | About JTB World | Subscribe to this blog
JTB World's website | Website General Terms of Use | Privacy Policy
^ Top of page

© 2004- JTB World. All rights reserved.