OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Window Remote Library Execution

What is the problem?

If a program is running in Windows, and it calls for a library to be loaded in, then one of the places it looks for the library is in the current working folder. If that current working folder is on a remote server, then it will use the library in that folder. This means that if an Adobe photoshop picture was on a remote server and opened, then any program, masquerading as a library on that remote server could run on your computer. It could infect your computer and take control of it.

Is the problem real?

Yes. It is being found and exploited.

Will Windows Update fix the problem?

There is no indication Microsoft intends to fix it with their normal security patches.

What is the Fix?

Microsoft has a fix that will create a registry entry that lets you stop libraries from being run from working directories on remote servers.

How do I get it?

Microsoft's support site: support.microsoft.com⁄kb⁄2264107 has the fix.

1. Scroll down to the update package for your operating system. Download and install it. Then Reboot your computer. 2. Go back to the Fixit page after installing the update and click the FixIt button on the page.

NOTE! You have to install the update for your operating system and reboot before the Fixit button on the page will work, even though they put the Fixit Button before the update download.

If, for some reason, this didn't work for you or causes some problem, you can Disable the fix with a button that page. So far I haven't experienced any problems or heard of any.

What is it doing?

The update enables a registry entry that controls where Windows is allowed to look for a library invoked when the working directory is remote. The fix sets that variable to 2, which stops any remote library loading when the working directory is remote. This is explained on the Windows support page with the fix if you want an in depth explanation.

Date: December 2010

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster