Numerous UNPATCHED Applications : Insecure Library Loading Vulnerability

Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution

http://www.microsoft.com/technet/security/advisory/2269637.mspx

"This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected".

From that same MS advisory is the following workaround: Disable the WebClient service

"Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround it is still possible for remote attackers who successfully exploit this vulnerability to cause Microsoft Office Outlook to run programs located on the targeted user's computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

To disable the WebClient Service, follow these steps:

1. Click Start, click Run, type Services.msc and then click OK.
 
2. Right-click WebClient service and select Properties.
 
3. Change the Startup type to Disabled. If the service is running, click Stop.
 
4. Click OK and exit the management application.
 
Impact of workaround. When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the Web Client service will not start, and an error message will be logged in the System log. For example, WebDAV shares will be inaccessible from the client computer."

I disabled WebClient earlier this month in response to another vulnerability, with no adverse effects noticed.

1) Emphasize that the above suggestion is a "workaround" --- a temporary, partial blocking mechanism --- rather than an actual "fix".   Of course, a "partial" fix is probably better than no fix at all.

2) The workaround above is just one of three suggested in the Microsoft advisory.   I'm assuming Joe selected only this one because it is simpler to implement (and undo), and it would appear to have minimal (if any) negative consequences.

3) To better understand what this does, the WebClient service "enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available". 

4) BlackViper.com , a website that considers configuring/tweaking Windows services in general , asserts that it's "safe" for (95%+ of) all XP/Vista users to disable the WebClient service "in general", resulting in "little or no side effects" [but for Win7 users, they suggest "manual" is safer (in general)]

XP:  http://www.blackviper.com/WinXP/servicecfg.htm

XPx64:  http://www.blackviper.com/WinXPx64/servicecfg.htm

Vista:  http://www.blackviper.com/WinVista/servicecfg.htm

Win7:  http://www.blackviper.com/Windows_7/servicecfg.htm

So this serves as an  independent confirmation  that it should be safe for XP/Vista (but not necessarily Win7) users to disable the WebClient Service.

You are correct, sir. I do the simple & easily reversible workarounds only.

I am reminded of all the years I ignored MS security patches (not to mention 3rd party updates).

Granted, this was several years ago, but I still managed to avoid infection (I suspect, through safe surfing and common sense).

All these vulnerabilities, and dire warnings, I take with a grain of salt. I would be foolish to ignore them, but at the same time worry about crippling my system taking drastic measures.

The list of impacted programs continues to grow daily...

and while I don't intend to even try to list every one here, I will take a moment to call attention to

QuickTime PictureViewer Insecure Library Loading Vulnerability http://secunia.com/advisories/41123/

because 1) of QuickTime's widespread popularity,

and 2) it appears in Secunia's PSI as rendering all 3 of my (already insecure) browsers [even more] insecure.

Windows Applications Insecure Library Loading

- The Official, Verified Secunia List

Number of products affected: 81
Number of vendors affected: 28
Number of Secunia Advisories issued: 52

 ... and counting.

See them all here:
http://secunia.com/advisories/windows_insecure_library_loading/

This vulnerability in Avast5 has been fixed with the release of version 5.0.677

This vulnerability in Opera has been fixed with the release of version 10.62

This particular vulnerability has been fixed in Firefox with the release of version 3.6.9 ---

however, this newer firefox still is insecure by virtue of another vulnerability!

this vulnerability in QuickTime PictureViewer has been fixed with the release of version 7.6.8