On August 23, 2010 Microsoft issued Security Advisory 2269637, warning about a new method of attack based on the standard way Windows finds a DLL called by a program when the program does not specifically define the location. InfoWorld’s Woody Leonhard, among others had an article about this on August 24 – Heads Up: A whole new class of zero-day Windows vulnerabilities looms.
In a matter of days, hackers were publishing attacks against many Windows apps including FireFox, Chrome, Word, and Photoshop. See Windows DLL exploits boom (August 26).
This is just one example of the speed with which zero-day attacks can proliferate. This is a particularly bad situation because just one Windows vulnerability is being used to create a large number of zero-day attacks across a wide range of applications. We recommend organizations deploy FireEye to counter these zero-day attacks.
From an end user perspective, on August 27, Woody Leonhard published a helpful article, How to thwart the new DLL attacks. To summarize, Woody has two excellent recommendations for users:
First, never double-click on a file that’s in a potentially compromised location. Drag it to your desktop, then open it.
Second, make Windows show you filename extensions and hidden files.