Microsoft yeaterday again desisted from calling which of its Windows programs, if any, comprise bugs that could lead to far-flung DLL load hijacking attempts. yesterday, the firms issued an automatized tool to make it simpler for users to stop attacks exploiting vulnerabilities in a server of Windows applications.

The DLL load hijacking vulnerabilities subsist in lots of Windows applications since the application don't call code libraries -- dubbed "dynamic-link library," or "DLL" -- using the full pathname, but rather use just the filename. hackers can exploit that by tricking the application into loading a vicious file with the similar name as the expected DLL. The result Hackers can hijack the PC and place malware on the machine.

"Microsoft plans to address those of our products involved by this problem in the most reserve way for clients," stated a group manager with the Microsoft Security Response Center, in a yesterday's entry on that team's blog. "This will mainly be in the form of security updates or defensive updates."