Friday, August 27, 2010

ICS-CERT DLL Vulnerability Alert

This afternoon ICS-CERT published a new cyber security alert on their Control Systems Security Program web site. This brief alert deals with the recently reported Microsoft Dynamic Library Loading Vulnerability and its potential effects on control systems. Not much information in this alert that isn’t covered in other CERT or Microsoft documents on the issue except for this important warning for the control system security:

“Of note to industrial control systems environments is the fact that DLL safe search mode is disabled by default in Windows 2000 Service Pack 4 and Windows XP prior to Service Pack 3. Windows 2000 versions prior to Service Pack 4 do not support DLL safe search mode.”
This is important because many existing control systems are still based on these older versions of Microsoft Windows.

No comments:

/* Use this with templates/template-twocol.html */