Dynamic link libraries (DLLs) allow multiple applications to access the same code in Windows® for efficient multitasking. However, a security loophole discovered in 2010 could be exploited by hackers remotely. The dilemma is whether to rewrite individual applications or change how Windows® handles DLLs.
A dynamic link library is a system used by Microsoft to allow multiple applications to simultaneously access the same section of code in Windows®. This is one of the keys to working effectively with multitasking. In 2010, security researchers discovered that the loophole in how the dynamic link library system worked could be exploited by hackers. This has led to a dilemma of how to fix it without affecting the usability of applications.
To understand how a dynamic link library works, it is important to understand the difference between Windows® and software applications. Windows® is an operating system that exists largely to coordinate how individual applications, also known as programs, access a computer’s processing capabilities. Windows® itself is ultimately a set of computer code that effectively serves as a rulebook or guidebook for how applications interact with each other and with hardware.
The dynamic link library is the system by which applications can access and execute individual sections of Windows® code. An example would be the section of Windows® responsible for printing documents. Most applications need access to this feature at one point or another, but if each application loaded its code into computer memory as soon as the application started running, that would be an inefficient use of resources and could cause conflicts.
To solve this problem, the Windows® code for a particular function, in this case printing, is stored as a small program known as a dynamic link library or DLL file. If a user runs an application such as a word processor, this file is not automatically opened. Instead, the word processor opens and activates the file only as and when it is needed, in this case when the user wants to print a document.
Historically, many application developers simply wrote code that said what the name of the relevant dynamic link library was called, rather than specifying exactly where it should be on the computer. To work around this problem, Windows® has a built-in system for locating missing DLL files by searching through a list of locations in a defined order. While this could theoretically be exploited if a malicious file masquerading as a DLL file was put in the right place and then found and opened before the legitimate file, this was not considered a major security risk as hackers would need access physical to a machine to get the malicious file in place.
In 2010, it was discovered that hackers could theoretically obtain such files via a remote connection, i.e. via the Internet. This meant that dozens of Windows® applications were vulnerable to attacks using this method. The security community was divided as to whether individual applications should be rewritten to specify the location of the legitimate DLL file, which relied on the action of each developer, or for Microsoft to change the way Windows® handles such files, which could potentially cause applications to stop working properly.
Protect your devices with Threat Protection by NordVPN
