The vulnerability described in Microsoft Security Advisory 2269637 involves using a legitimate application to preload malicious library files from remote sources, including SMB shares and WebDAV. For example, an audio/video player application might be tricked into loading malware that poses as a codec DLL. This technique is sometimes called “DLL hijacking”.

Although SMB falls outside the scope of secure web gateway (SWG) solutions, SWG appliances can prevent client applications from using WebDAV to retrieve malicious libraries from the Internet. By default, SWG appliances include a rule named Block Binary Objects without a Digital Certificate. Since malware authors do not sign their code, this rule by itself blocks exploits based on this vulnerability.

In some environments, it is preferable to permit downloading of unsigned binaries, so the Block Binary Objects without a Digital Certificate rule is sometimes disabled or placed in X-Ray mode. In this situation, it is still possible to define a policy that prevents attempts to exploit this vulnerability via WebDAV. Doing so involves preventing WebDAV downloads of .dll and .ocx files. The procedure for creating the appropriate lists and rule is detailed below.
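As an added illustration (not Trustwave's rule and not part of the original article), the matching logic behind "prevent WebDAV downloads of .dll and .ocx files" can be run over proxy logs to see which requests such a policy would catch. The log format, host names, and the use of the Windows WebDAV client's `Microsoft-WebDAV-MiniRedir` User-Agent as the WebDAV indicator are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: WebDAV traffic is recognised by the Windows WebDAV client's
# User-Agent or by a WebDAV-only HTTP method.
WEBDAV_UA = re.compile(r"Microsoft-WebDAV-MiniRedir", re.I)
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
BLOCKED_EXT = (".dll", ".ocx")

# Constructed log format: client method url status "user-agent"
LINE = re.compile(
    r'^(?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def is_library_path(url):
    """True if the URL path names a .dll/.ocx file.
    The query string is ignored; the path is percent-decoded and lower-cased
    so that 'Player%2EOCX' and 'CODEC.DLL' match like their plain forms."""
    path = unquote(urlsplit(url).path).lower()
    return path.endswith(BLOCKED_EXT)

def should_block(method, url, user_agent):
    """Policy decision: a WebDAV request that targets a library file."""
    is_webdav = method in WEBDAV_METHODS or bool(WEBDAV_UA.search(user_agent))
    return is_webdav and is_library_path(url)

def scan(lines):
    """Return (client, method, url) for every log line the policy would block."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and should_block(m["method"], m["url"], m["ua"]):
            hits.append((m["client"], m["method"], m["url"]))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '10.0.0.5 GET http://files.example.test/share/codec.dll 200 "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '10.0.0.5 PROPFIND http://files.example.test/share/ 207 "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '10.0.0.8 GET http://files.example.test/share/Player%2EOCX?x=1 200 "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '10.0.0.9 GET http://updates.example.test/setup.dll 200 "Mozilla/5.0"',
    '10.0.0.7 PROPFIND http://files.example.test/share/plugin.dll 207 "custom-client/1.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("would block:", *hit)
```

The browser download of `setup.dll` is deliberately not flagged: the policy described here targets WebDAV retrieval only, so unsigned binaries fetched over ordinary HTTP remain permitted.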