kidney punches from the windows dll hijacking vuln

There’s been a surprising amount of discussion about the recent Windows DLL hijacking vulnerability, often focusing on whether this is a Big Deal or something stupid. I won’t bother linking to anything or even joining in any further except to expound on my post earlier.

The DLL hijacking is interesting because, well…it’s like walking up to someone you have no reason to mistrust. You shake his hand, but while you do so, someone (maybe his evil twin who was following him) wings a hook beyond your peripheral vision and WHAM! kidney punch. Now, good twin had no idea evil twin was around, and was sincere in his greeting and handshake. But you left yourself open by shaking that hand, and evil twin dropped you to a knee for it.

We can often curse ourselves for shaking hands with the app/guy/file that throws the hook. You run an exe and that’s your problem. You run a streamed media file with malicious code, and that’s still mostly your problem (and partly the fault of the vulnerable app you used to open it). But in this case, you could open a completely innocent file, and get kidney punched.

That’s the important gist of the hijacking vuln, to me: opening an innocent file can still get you hit. The other takeaway is the importance this places on patching 3rd-party Windows apps that are vulnerable to this technique.
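The "innocent file" problem above comes down to a DLL sitting beside the document you open; a defender can at least look for that. The following is an added example (not from the original post): it walks a directory users open files from and flags any DLL whose name shadows a system library. The system DLL list is a constructed placeholder, the sample folder layout is constructed for the demo, and the check only catches name collisions, not DLLs an app looks for that do not exist on the system.

```python
"""Audit a directory tree for DLLs planted beside ordinary data files.

Assumption: SYSTEM_DLLS is a constructed placeholder; a real audit would
populate it from the host's actual system directory.
"""
import os
import tempfile

# Constructed placeholder set of library names that normally live in the
# Windows system directory.
SYSTEM_DLLS = {"dwmapi.dll", "version.dll", "propsys.dll"}

# File types a user would plausibly double-click from a share or download folder.
DATA_EXTENSIONS = {".doc", ".docx", ".pdf", ".mp3", ".avi", ".txt", ".jpg"}


def audit_directory(path, system_dlls=SYSTEM_DLLS):
    """Return {directory: [dll names]} for every directory under *path* that
    holds both ordinary data files and a DLL named like a system library.
    Comparison is case-insensitive, matching Windows file-name semantics."""
    findings = {}
    lower_system = {name.lower() for name in system_dlls}
    for root, _dirs, files in os.walk(path):
        names = [f.lower() for f in files]
        has_data = any(os.path.splitext(n)[1] in DATA_EXTENSIONS for n in names)
        planted = sorted(n for n in names if n.endswith(".dll") and n in lower_system)
        if has_data and planted:
            findings[root] = planted
    return findings


def build_sample_tree():
    """Create a constructed layout: one folder with a document next to a DLL
    named like a system library, one folder with only a document.
    Returns the temporary root path."""
    root = tempfile.mkdtemp(prefix="dll_audit_")
    suspicious = os.path.join(root, "share_download")
    clean = os.path.join(root, "clean")
    os.makedirs(suspicious)
    os.makedirs(clean)
    for name in ("report.docx", "DWMAPI.dll"):
        open(os.path.join(suspicious, name), "wb").close()
    open(os.path.join(clean, "notes.txt"), "wb").close()
    return root


if __name__ == "__main__":
    for directory, dlls in audit_directory(build_sample_tree()).items():
        print(f"{directory}: DLL(s) shadowing system libraries: {', '.join(dlls)}")
```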