Use Image Hijacking to Globally Replace Notepad.exe
I like to use a programmer’s text editor called EmEditor. Some people like Notepad++, vim, etc. You can change file associations but some things are just hard-coded to call notepad.exe. Notepad.exe is a...
Upgrade and Zenburn the Console Window
Background In Windows, console windows (aka command line or “DOS” windows) are special. In a UNIX-like environment a terminal emulator talks to a local virtual teletype and connects to three text...
The Sad History of the Microsoft POSIX Subsystem
When Windows NT was first being developed, one of the goals was to make the kernel separate from the programming interface. NT was originally intended to be the successor to OS/2 but Microsoft also...
Microsoft Should Formally Deprecate CWD from LoadLibrary Search
Microsoft recently released security advisory 2269637, “Insecure Library Loading Could Allow Remote Code Execution”. The gist is that the search behavior of LoadLibrary() includes the current...
Java Browser Plugin for Mozilla Vulnerable to DLL Preloading Attack
The “Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers” 32-bit version for Windows uses CWD to load its C runtime library (msvcr71.dll). If you have globally disabled loading libraries from...
Java Built with Unsupported Old Compilers
When I turned off DLL loading from the current working directory to defeat DLL pre-loading luring attacks, one of the things I discovered was that the Java plug-in was broken in Firefox and Chrome....
Mozilla Compatible Silverlight 4 Plugin Requires Loading DLLs from CWD
I visited a site yesterday in Chrome that tried to load Silverlight to provide a video player. I have KB2264107 installed and have globally disabled loading of DLLs from the current working directory...
More Granular Options for CWDIllegalInDllSearch Needed
I’m starting to see a class of issues where plugins rely on their libraries loading from the current working directory (CWD). To me this implies that the 0xffffffff option to completely disable loading...
Chrome MSI Works Great with AppLocker
Google has released a version of the Chrome installer packaged as an MSI rather than using the ClickOnce installer. The major difference is that the MSI creates a global installation under...
A Better Telnet for Windows
There’s no really nice way to say it: the telnet client in Windows is a little strange at best. I mostly use telnet to debug text-based TCP services. The Microsoft telnet implementation isn’t very good...