Microsoft Offers New Tool For DLL Bug

Dennis Faas's picture

Microsoft has issued an automated Windows tool designed to limit the effects of a recent DLL bug. The company has also noted it is only classing the problem as an "important" rather than "critical" risk.

Windows Dynamic Link Library (DLL) Bug

As noted previously, the problem involves dynamic link libraries (DLLs), a type of shortcut that allows multiple applications to access the same code in Windows.

Many applications are set to automatically open any DLLs stored within their program folders. It's now emerged that it is easier than previously thought to create bogus files that can exploit this process, and that such files can even be placed on a machine without physical access.

In releasing a workaround, Microsoft has revealed some more specifics about how the exploit works. It involves applications that attempt to load a DLL without specifying exactly where it is located on a machine.

When this happens, Windows checks a particular set of directories in a particular order. Those exploiting the process have found ways to make sure that the bogus DLL is located in a place where Windows will find it before the legitimate file. (Source:

Microsoft Solution Made Easier

Microsoft has detailed a series of changes that users can make to the Windows Registry (effectively the index to all the software on the computer) to change the locations and order that Windows looks for DLLs in a way that will minimize risks.

However, as many users will either not be confident altering registry settings, or will be confused about how best to change the DLL process, Microsoft has also issued an automated "Fix it" tool.

To use the tool, users must first download a software update to Windows using the link below. Install the update, then click on the "Fix it" logo on the same page. This will switch on the protection that is made possible by the update but is switched off by default.

Microsoft: Problem Not Critical

Microsoft has also attempted to reassure customers that, though notable because of the sheer number of applications it affects, the problem is not serious enough to be considered "critical".

It says it's not possible for the bug to be exploited simply by a user visiting an infected website (a so-called "drive-by attack"), but instead would have to go through several steps, including double-clicking on a file icon. (Source:

Rate this article: 
No votes yet