Yesterday US-CERT issued an alert: TA10-238A Microsoft Insecurely Loads Dynamic Libraries. This zero day attack can be used against many applications, including some from names you may recognize, such as Microsoft, Apple and Cisco. The attacker can swap in a DLL and take control of a target application by executing arbitrary code. http://www.us-cert.gov/cas/techalerts/TA10-238A.html
As you head into the weekend you have no clue about this attack. Your antivirus cannot stop it. Attackers may get control of some of your computers.
What complicates this problem is the fact that end users have thousands of good DLLs on their computers. These good DLLs are very important to keeping the computer operational. So you can’t stop this.
What can you do? It’s time for the Zero Day Dance. This is your moment. The antivirus providers and others will sound the alarm. They will rush updates to the rescue over the next hours and days. They will encourage many of you to join them in the Zero Day Dance.
The Zero Day Dance has lots of moves: forced updates, scans, and patches. And you get to do special moves: rescue infected computers and intensely monitor critical systems. After all, you do not want to get upstaged by the latest in zero day malware. And for the privilege of going to the dance you pay substantial money to well-known security providers. It seems odd when there is a more rational way of dealing with this problem.
Savant Protection’s application whitelisting automatically protects the good DLLs and prevents attacks like this. If you had Savant Protection installed, you could go to the beach or lake this weekend instead of the Zero Day Dance. Have a nice weekend.