We received some e-mails about active exploitation of this vulnerability in the wild. While there are potentially hundreds, if not thousands of applications that are vulnerable, it appears that the attackers so far are exploiting uTorrent, Microsoft Office and Windows Mail, which are, coincidentally or not, applications for which Proof of Concept exploits have been published. Remember, it is extremely easy to exploit this and it doesn't require any advanced knowledge so be sure to check Microsoft's recommendation above or be very careful about files you open from network shares.
Waiting for a list of programs which are or are not vulnerable is not a good way to approach this problem. The assumption should be that any given executable is vulnerable. Don't even bother trying to identify executables which call SetDllDirectory; there's still the question of whether it is called correctly or consistently.

The default behavior of the system is broken. We cannot expect any programmers to actually implement the obscure feature which changes the default behavior. Expecting vendors to do so is not realistic. A huge number of Microsoft's own executables do not implement the setting and attempt to load optional DLLs. If Microsoft can't get their own code to do it, expecting others to do so is unrealistic. Assume everything is vulnerable.

My suggestion would be:

Deploy the update in MSKB 2264107.

Configure CWDIllegalInDllSearch to remove the current directory from the search path by default system-wide.

Identify any programs which stop working and make executable-specific exceptions to CWDIllegalInDllSearch for them. Contact vendors of those applications for updates (good luck with that!).

Ideally, use Software Restriction Policies/AppLocker to limit loading of DLLs from trusted locations only.
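
A way to check the state the suggestion above aims for, as an added example that is not part of the original post: a read-only PowerShell script that reports the system-wide CWDIllegalInDllSearch value and lists every per-executable exception. The registry locations and value meanings follow Microsoft's KB 2264107 rather than anything stated in this thread, and the function names are illustrative.

```powershell
# Added example: read-only audit of CWDIllegalInDllSearch (MSKB 2264107).
# Registry paths and value meanings are from the KB article, not from this thread.
$name      = 'CWDIllegalInDllSearch'
$globalKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-CwdHex([string]$Path) {
    # Returns the DWORD as 8 hex digits, or $null when the value is absent.
    # Formatting as hex avoids the signed/unsigned difference for 0xFFFFFFFF.
    $p = Get-ItemProperty -LiteralPath $Path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return '{0:X8}' -f $p.$name
}

function Get-CwdMeaning([string]$Hex) {
    switch ($Hex) {
        'FFFFFFFF' { 'current directory removed from the DLL search path' }
        '00000002' { 'current directory blocked only when it is remote (UNC or WebDAV)' }
        '00000001' { 'current directory blocked only when it is a WebDAV folder' }
        '00000000' { 'default search order, current directory is searched' }
        default    { 'unrecognised value, check by hand' }
    }
}

# System-wide setting: the post's target state is 0xFFFFFFFF.
$global = Get-CwdHex $globalKey
if ($null -eq $global) {
    Write-Output 'System-wide: not set (default search order, current directory is searched)'
} else {
    Write-Output ('System-wide: 0x{0} = {1}' -f $global, (Get-CwdMeaning $global))
}

# Per-executable overrides: each row is an exception that should have an owner
# and a vendor ticket behind it.
Get-ChildItem -LiteralPath $ifeoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $hex = Get-CwdHex $_.PSPath
    if ($null -ne $hex) {
        [pscustomobject]@{
            Executable            = $_.PSChildName
            Value                 = "0x$hex"
            Meaning               = Get-CwdMeaning $hex
            WeakerThanFullRemoval = ($hex -ne 'FFFFFFFF')
        }
    }
} | Sort-Object Executable | Format-Table -AutoSize
```

Run it from an elevated or standard prompt after deploying the update; it only reads the registry and changes nothing.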