Windows 10 Executables Vulnerable to DLL Hijacking

NJCCIC Advisory

Original Release Date: 7/3/2020

Summary

Security researcher Wietze Beukema discovered almost 300 Windows 10 executables that are vulnerable to DLL hijacking. A threat actor can cause a legitimate Windows executable to load an arbitrary, malicious DLL using a simple VBScript, gaining administrative privileges and bypassing User Account Control (UAC). These attacks have the potential to allow threat actors to execute arbitrary code, escalate privileges, and gain persistence on the target system.

Recommendations

The NJCCIC recommends applying Beukema's detection and prevention techniques, such as monitoring for suspicious activity in the Windows folders, adjusting UAC settings to "always notify," and identifying any instance of DLL creation or loading from unexpected file paths. Developers are advised to use absolute paths instead of relative ones when loading DLLs. More technical information can be found in Wietze Beukema's blog post and the Bleeping Computer article.
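As an added example (not code from the advisory or from Beukema's work), the following Python check implements the "DLL loading from unexpected file paths" recommendation over constructed Sysmon-style ImageLoad (Event ID 7) records. The field names follow Sysmon's ImageLoad schema, the sample paths and example.exe are constructed placeholders, and the trusted-directory lists are assumptions to tune for your environment.

```python
# Added example: flag DLL loads by Windows system executables from unexpected
# paths, run over constructed Sysmon-style Event ID 7 (ImageLoad) JSON lines.
import json
import ntpath

# Directories from which Windows' own executables are expected to load DLLs (assumed list).
TRUSTED_DLL_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")
# The rule only inspects processes whose image lives in a system directory.
SYSTEM_EXE_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

def _norm(path):
    # Collapse "..", unify separators and case so traversal cannot dodge the prefix check.
    return ntpath.normpath(path).casefold()

def _under(path, roots):
    p = _norm(path)
    return any(p.startswith(_norm(r) + "\\") for r in roots)

def check_image_load(event):
    """Return a finding for one ImageLoad event, or None if it looks benign."""
    if event.get("EventID") != 7 or not _under(event.get("Image", ""), SYSTEM_EXE_DIRS):
        return None  # not a system executable: out of scope for this rule
    dll = event.get("ImageLoaded", "")
    if not _under(dll, TRUSTED_DLL_DIRS):
        severity, reason = "high", "system executable loaded a DLL from outside trusted directories"
    elif str(event.get("Signed", "")).lower() != "true":
        severity, reason = "medium", "unsigned DLL loaded from a trusted directory"
    else:
        return None
    return {"Image": event["Image"], "ImageLoaded": dll, "severity": severity, "reason": reason}

def analyze(jsonl):
    """Run the check over newline-delimited JSON events and collect findings."""
    events = (json.loads(line) for line in jsonl.splitlines() if line.strip())
    return [f for f in map(check_image_load, events) if f]

# Constructed sample events; example.exe is a placeholder, not a real binary.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Windows\System32\example.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\version.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\example.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\helper.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Windows\System32\example.exe",
     "ImageLoaded": r"C:\Windows\System32\oddity.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "true"},
])
```

Running `analyze(SAMPLE_EVENTS)` yields three findings: two high-severity loads from outside the trusted directories (including the `..` traversal case) and one medium-severity unsigned load; the third-party application is ignored because this rule is scoped to system executables.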

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.