MS Security advisory: Insecure Library Loading Could Allow Remote Code Execution

lockRecently issued advisory has kind of shaken the around-security-society: “we all gonna die will be hacked”. Really, this is that nasty sort of a bug which is not a bug, actually. It is more like FireWire: just vulnerable by design, so it is to be fixed more on software vendors side, rather than on Windows one. Correspondingly it is a long, long process and until it is finished it will be considered as a 0day vulnerability. But will it really have such an impact on your security?

I doubt it. Really. On the one hand, an attacker, who successfully utilized the vector has all the power of the current user, which is not good anyway. On the other hand, nevertheless,  the attacker must be either in your local network, or you should use WebDAV. LAN is usually considered as more or less secure. Now the question: how often do you open applications from a not trusted WebDAV folders? I don’t do it and I don’t recommend it whether there is some 0day vulnerability around or no. The only thing that you can do to harm yourself is to open a document from a “prepared” WebDAV folder. This is the hard part to protect from. But you just can avoid doing that unless you are totally sure that the software piece you use to open the document is patched by its vendor or download the document to a local drive before opening it.

So, in normal environment the attacker will get only user’s rights and only in case a document or a program was opened from a not trusted location. It is bad situation, but not as bad as some journalists picture it.

P.S. I still recommend to read the advisory and take precautions.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s