Recently, “MUTTS” at Offensive Security Training did an excellent video demonstrating the Metasploit exploit module for the “new” Insecure Library Loading vulnerability (2269637). Part of the title was “We can’t fix this one”. While I assume he meant we can’t fix the vulnerability, I wanted to show that we can prevent the attack itself.
I just posted my new video on the DLL hijacking attack and how the exploit gets loaded and executed on a victim’s machine. Check out how the malicious DLL uploads on endpoint systems when end-users open up legitimate Powerpoint files:
The video demonstrates how the base operating system is susceptible to the DLL hijack vulnerability and how organizations using application whitelisting such as BOUNCER by CoreTrace are protected from this particular DLL attack. Through the BOUNCER interface, our customers see how our application whitelisting solution successfully blocks all attempts Powerpoint makes to run the corrupt DLL files.
Check it out and let me know what you think or if you have any questions.