Microsoft Moves to Close Windows DLL Vulnerability

Microsoft says it now has a workaround available to users and IT administrators — in the form of a Windows Registry key — that closes a potentially dangerous security vulnerability in Windows and dozens of applications.

In the meantime, however, the industry is coming to terms with the revelation that that Microsoft knew about the DLL flaw for almost a year before releasing the fix just days after a security firm went public with details of the problem.

Complicating matters is also the fact that the flaw was also discussed in a paper published last month at an ACM conference.

eSecurity Planet takes a look at the situation, and how what seemed to be a flaw with Apple iTunes has morphed into a potentially far more dangerous state of affairs.

A serious security vulnerability in iTunes for Windows turns out to affect many other Windows applications — and not just those from Microsoft (NASDAQ: MSFT) or Apple — according to a graduate student in California who says he warned the software giant about the problem almost a year ago.

Now, with the flaw having been exposed publicly last week, Microsoft is moving fast to limit the damage from a vulnerability that experts say poses a danger even though Apple (NASDAQ: AAPL) patched the iTunes vulnerability months earlier.

Read the full story at eSecurity Planet:

Microsoft Was Warned of DLL Vulnerability a Year Ago

News Around the Web