Clik here to view.
Use Image Hijacking to Globally Replace Notepad.exe
I like to use a progammer’s text editor called EmEditor. Some people like Notepad++, vim, etc. You can change file associations but some things are just hard-coded to call notepad.exe. Notepad.exe is a...
View ArticleClik here to view.
Upgrade and Zenburn the Console Window
Background In Windows, console windows (aka command line or “DOS” windows) are special. In a UNIX-like environment a terminal emulator talks to a local virtual teletype and connects to three text...
View ArticleClik here to view.
The Sad History of the Microsoft POSIX Subsystem
When Windows NT was first being developed, one of the goals was to make the kernel separate from the programming interface. NT was originally intended to be the successor to OS/2 but Microsoft also...
View ArticleClik here to view.
Microsoft Should Formally Deprecate CWD from LoadLibrary Search
Microsoft recently released security security advisory 2269637, “Insecure Library Loading Could Allow Remote Code Execution”. The gist is that the search behavior of LoadLibrary() includes the current...
View ArticleClik here to view.
Java Browser Plugin for Mozilla Vulnerable to DLL Preloading Attack
The “Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers” 32-bit version for Windows uses CWD to load its C runtime library (msvcr71.dll). If you have globally disabled loading libraries from...
View ArticleClik here to view.
Java Built with Unsupported Old Compilers
When I turned off DLL loading from the current working directory to defeat DLL pre-loading luring attacks, one of the things I discovered was that the Java plug-in was broken in Firefox and Chrome....
View ArticleClik here to view.
Mozilla Compatible Silverlight 4 Plugin Requires Loading DLLs from CWD
I visited a site yesterday in Chrome that tried to load Silverlight to provide a video player. I have KB2264107 installed and have globally disabled loading of DLLs from the current working directory...
View ArticleClik here to view.
More Granular Options for CWDIllegalInDllSearch Needed
I’m starting to see a class of issues where plugins rely on their libraries loading from the current working directory (CWD). To me this implies that the 0xffffffff option to completely disable loading...
View ArticleClik here to view.
Chrome MSI Works Great with AppLocker
Google has released a version of the Chrome installer packaged as an MSI rather than using the ClickOnce installer. The major difference is that the MSI creates a global installation under...
View ArticleClik here to view.
A Better Telnet for Windows
There’s no really nice way to say it: the telnet client in Windows is a little strange at best. I mostly use telnet to debug text-based TCP services. The Microsoft telnet implementation isn’t very good...
View Article