This is a MAJOR flaw. I mean, it’s below OS level error, it’s systemic. Every program calls and looks for dlls. And it seems there is no “special” place for them, you can look on your desktop!
WOW!
So much for the late great Windows 7....
Yes, this is a major security hole. It will keep network administrators very busy locking down their networks.
Unfortunately, the everyday home user is not a network or system administrator. An operating system should not even allow this sort of behavior.
There’s a special place for them, System32. It also looks in the same folder the exe was run from, which could be the desktop. This has been how Windows works since day 1, somebody just finally figured out you could stick evil dlls in the search path.
It's systemic, but I wouldn't call it below OS level.
Every program calls and looks for dlls.
Mine don't specifically look for any DLLs, so wouldn't be subject to this flaw. I compile everything into the executable. I avoid P/Invoke like the plague. Of course my programs aren't quite as big as the vulnerable ones mentioned. They could indirectly call DLLs by invoking C# methods that cause the runtime to invoke DLLs, but those would be called within the .NET system to known locations. You'd need a broken .NET installation to make it vulnerable, and then that might cause the program to not run in the first place.
Yes, I am a Windows developer, and my favorite language is C#.
Can I persuade you to make a sizeable monetary wager on that?