Gandalf_The_Grey
I'm once again posting information here in the blog that I stumbled across recently. Anyone who is concerned about Windows security should keep an eye on the command line tool licensingdiag.exe. It is another "living off the land" tool that can be used for side-loading DLL attacks. This is because there is an entry in the registry that specifies which DLL is to be loaded from which path.
Dynamic-Link-Library (DLL) side-loading is a method of cyber-attack that takes advantage of the way Microsoft Windows applications handle DLL files. In such attacks, malware places a fake malicious DLL file in a Windows WinSxS directory so that the operating system loads it instead of the legitimate file. Mandiant addresses this issue in this PDF document, for example.
Grzegorz Tworek published the following tweet on X the other day. There he points out that the command line tool licensingdiag.exe contained in Windows offers an opportunity for attacks. Because the tool is included in Windows, it is also referred to as a "living off the land" attack.
Windows: Side-Loading DLL attacks via licensingdiag.exe
borncity.com
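
A defender-side check for the behavior described in the post, as an added example that is not part of the original post or the linked article: it scans image-load records for licensingdiag.exe loading a DLL from an unexpected directory or without a valid signature. The field names are modeled on Sysmon Event ID 7; the sample events and the trusted-directory list are constructed assumptions.

```python
import ntpath

WATCHED_IMAGE = "licensingdiag.exe"
# Assumed allow-list of DLL directories; adjust to your environment.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed sample records (not real telemetry), shaped like Sysmon image-load events.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\licensingdiag.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\licensingdiag.exe",
     "ImageLoaded": r"C:\Users\Public\example.dll", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\licensingdiag.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\example.dll", "SignatureStatus": "Valid"},
    # A DLL dropped into WinSxS passes the path check, so the signature check must catch it.
    {"Image": r"C:\Windows\System32\licensingdiag.exe",
     "ImageLoaded": r"C:\Windows\WinSxS\constructed\example.dll", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\Public\example.dll", "SignatureStatus": "Unavailable"},
]

def is_trusted_path(dll_path):
    # normpath collapses "..", so System32\..\Temp is not mistaken for System32.
    p = ntpath.normpath(dll_path).lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)

def suspicious_loads(events):
    """Return (dll_path, reasons) for each questionable DLL load by licensingdiag.exe."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != WATCHED_IMAGE:
            continue  # only the watched binary is of interest here
        reasons = []
        if not is_trusted_path(ev["ImageLoaded"]):
            reasons.append("untrusted directory")
        if ev.get("SignatureStatus", "").lower() != "valid":
            reasons.append("signature not valid")
        if reasons:
            hits.append((ev["ImageLoaded"], reasons))
    return hits

if __name__ == "__main__":
    for path, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(path, "->", ", ".join(reasons))
```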