<?xml version="1.0" encoding="utf-8"?><rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Ivanti Blog: Posts by </title><description /><language>en</language><atom:link rel="self" href="https://www.ivanti.com/blog/authors/mariah-shotts/rss" /><link>https://www.ivanti.com/blog/authors/mariah-shotts</link><item><guid isPermaLink="false">fc33ed2b-c5b5-40e8-9203-f0e06e986278</guid><link>https://www.ivanti.com/blog/dll-hijacking-prevention</link><atom:author><atom:name>Mariah Shotts</atom:name><atom:uri>https://www.ivanti.com/blog/authors/mariah-shotts</atom:uri></atom:author><category>Endpoint Management</category><category>Patch Management</category><category>Security</category><title>DLL Hijacking: Risks, Real-World Examples and How to Prevent Attacks</title><description>&lt;p&gt;There’s been buzz around &lt;a href="https://www.cve.org/CVERecord?id=CVE-2025-56383" rel="noopener" target="_blank"&gt;CVE-2025-56383&lt;/a&gt; (published on Sept. 26, 2025), a hijacking vulnerability in Notepad++ v8.8.3 in which a DLL file can be swapped to execute malicious code.&lt;/p&gt;

&lt;p&gt;The CVE has been disputed by multiple parties, but we’re not here to comment on that. However, we are here to comment on DLL hijacking and discuss the very real threat that it poses to an organization. Let’s look into what DLL hijacking is and what measures you can take to keep your DLLs safe.&lt;/p&gt;

&lt;h2&gt;What DLL hijacking is and how it happens&lt;/h2&gt;

&lt;p&gt;DLL hijacking (also known as a DLL preloading attack) is a security vulnerability where a legitimate and trusted Dynamic Link Library (DLL) file in a Windows application is replaced with a malicious one.&lt;/p&gt;

&lt;p&gt;This method exploits the way applications load DLL files, which contain code and data used by multiple programs. By loading a malicious DLL, a threat actor can execute their own code with the same privileges as the legitimate application, leading to privilege escalation, persistence and defense evasion.&lt;/p&gt;

&lt;p&gt;When a program starts, it often needs to load various DLLs to perform specific functions, typically from trusted system directories. However, if an application is not careful about where it looks for these DLLs, it might load a malicious DLL from an insecure or predictable location (e.g., the current working directory or a network share). This can happen if the application does not specify the full path to the DLL or if it searches for the DLL in a directory that can be accessed or modified by an attacker.&lt;/p&gt;

&lt;p&gt;&lt;img alt="Flowchart showing DLL loading sequence. A purple box labeled “Application starts and requests DLL” connects to three folders: “Current Working Directory,” “Network Share,” and “System32.” The Current Working Directory points to a red box labeled “Malicious DLL” with a warning icon, while Network Share and System32 point to orange boxes labeled “Legitimate DLL” with checkmark icons." src="https://static.ivanti.com/sites/marketing/media/images/blog/2025/12/diagram1-dll-hijackcing.png"&gt;&lt;/p&gt;

&lt;p&gt;While this type of attack is not new, it remains effective due to its simplicity. And although this specific issue pertains to Windows applications, it's important to call out that similar vulnerabilities can affect other operating systems (like Linux and macOS, which use dynamic loading for shared libraries).&lt;/p&gt;

&lt;p&gt;DLL hijacking introduces multiple security risks, including:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Data theft:&lt;/strong&gt; The malicious DLL can intercept and steal sensitive data, such as passwords or personal information.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Compromised systems:&lt;/strong&gt; The attacker can gain control over the system, potentially leading to further attacks or the installation of additional malware.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Malware:&lt;/strong&gt; The malicious DLL can act as a conduit for spreading malware, infecting other parts of the system or network.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A DLL can be hijacked in several different ways; here are some of the most common techniques:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Insecure DLL search order:&lt;/strong&gt; Attackers place malicious DLLs in directories searched before the legitimate DLL's location.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Relative path manipulation:&lt;/strong&gt; Malicious DLLs are loaded when applications use relative paths.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;DLL redirection:&lt;/strong&gt; Techniques like path manipulation redirect the DLL loading process.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Weak permissions:&lt;/strong&gt; Attackers replace legitimate DLLs with malicious ones in directories with weak permissions.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Phantom DLL hijacking:&lt;/strong&gt; Attackers exploit applications loading non-existent DLLs by placing malicious DLLs with the same name in searched directories.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;img alt="Circular diagram divided into six colored segments around a center labeled “DLL Hijacking Techniques.” Segments include “Phantom DLL Hijacking,” “Insecure DLL Search Order,” “Relative Path Manipulation,” “DLL Redirection,” “Weak Permissions,” each with a small icon representing the concept." src="https://static.ivanti.com/sites/marketing/media/images/blog/2025/12/diagram2-dll-hijackcing.png"&gt;These potential vulnerabilities highlight the importance of secure coding practices and directory permission management when it comes to preventing this form of attack.&lt;/p&gt;

&lt;h2&gt;How to prevent DLL hijacking and keep your DLLs safe and secure&lt;/h2&gt;

&lt;p&gt;Although DLL hijacking remains a threat, there are best practices you can follow and implement to reduce your risk for a safer, more secure IT environment.&lt;/p&gt;

&lt;p&gt;&lt;img alt="Five concentric circles in gradient colors from orange to purple, representing security layers. The innermost circle reads “Secure DLL Loading,” followed by “Integrity Checks,” “User Permissions,” “App Control and Security Software,” and the outermost circle labeled “Patch Management.”" src="https://static.ivanti.com/sites/marketing/media/images/blog/2025/12/diagram3-dll-hijackcing.png"&gt;&lt;/p&gt;

&lt;h3&gt;Secure DLL loading:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Use full paths:&lt;/strong&gt; Always specify the full path to the DLL when loading it. This ensures that the application loads the DLL from a trusted location (and not from an insecure directory).&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Set the safe search path:&lt;/strong&gt; Use the SetDllDirectory function in Windows to add trusted directories to the search path and exclude insecure ones. This can help prevent the application from loading DLLs from unexpected locations.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;File integrity checks:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Digital signatures:&lt;/strong&gt; Ensure that DLLs are signed with a digital signature and verify the signature before loading the DLL. This can help confirm that the DLL has not been tampered with.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Hash verification:&lt;/strong&gt; Use cryptographic hash functions to verify the integrity of DLL files. If the hash of the DLL does not match the expected value, the file may have been modified.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;User permissions:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Least privilege principle:&lt;/strong&gt; Run applications with the least privilege necessary. This limits the potential damage of a DLL hijacking, as the malicious code will have fewer permissions to execute harmful actions.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;User Account Control (UAC):&lt;/strong&gt; Enable UAC on Windows systems to prompt users for permission before running applications with elevated privileges. This can help prevent unauthorized changes to system files.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Application control and privilege management:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Known and trusted applications:&lt;/strong&gt; Application control ensures that only known and trusted applications are launchable, removing the risk of unauthorized applications being introduced.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Privilege control:&lt;/strong&gt; Effective privilege management is crucial in preventing DLL hijacking. By ensuring that applications have the correct rights and privileges to launch, you limit the ability of unauthorized users to introduce malicious files. This control acts as a key barrier, restricting the access an attacker needs to exploit the DLL search mechanism and thereby enhancing the security of your environment.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Security software:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Antivirus and anti-malware:&lt;/strong&gt; Use reputable antivirus and anti-malware software to detect and prevent the loading of malicious DLLs. These tools can scan for known malicious files and behaviors.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Intrusion Detection Systems (IDS):&lt;/strong&gt; Implement IDS to monitor for unusual activity, such as unexpected changes to DLL files or attempts to load DLLs from insecure locations.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Patch management:&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Keep software updated:&lt;/strong&gt; Regularly update applications and operating systems with the latest security patches. Many DLL hijacking vulnerabilities are fixed via updates, so stay current to help protect against known threats.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Automated patching:&lt;/strong&gt; Use an &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;automated patch management tool&lt;/a&gt; to ensure that all systems are kept up to date without manual intervention. This reduces the window of opportunity for attackers to exploit known vulnerabilities, including those that could be used for DLL hijacking. This proactive approach helps maintain the integrity of your applications and operating systems, making it much harder for attackers to inject malicious DLLs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By implementing these best practices, you can significantly reduce the risk of DLL hijacking and enhance the overall security of your applications and systems.&lt;/p&gt;

&lt;h2&gt;Combine the right tools and tactics to prevent DLL hijackings&lt;/h2&gt;

&lt;p&gt;DLL hijacking has been a persistent form of attack for years, proving that it’s still effective and will therefore continue to be an issue for organizations.&lt;/p&gt;

&lt;p&gt;Future-proof your organization using the best practices mentioned above combined with proven solutions like &lt;a href="https://www.ivanti.com/products/application-control"&gt;Ivanti Neurons for App Control&lt;/a&gt; to help keep your DLLs secure. Capabilities like Trusted Ownership catch a hijacked DLL and deny its execution by ensuring that ownership of the items matches your approved list of trusted owners.&lt;/p&gt;

&lt;p&gt;And, keep your apps up to date to limit exposure to known vulnerabilities. Remove the risk of human error by automating patching with &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;Ivanti Neurons for Patch Management&lt;/a&gt;, ensuring that systems are automatically updated and secured.&lt;/p&gt;
</description><pubDate>Wed, 17 Dec 2025 14:00:02 Z</pubDate></item><item><guid isPermaLink="false">701f3765-2d1a-4e95-86e2-42564105482d</guid><link>https://www.ivanti.com/blog/windows-11-migration-strategy</link><atom:author><atom:name>Mariah Shotts</atom:name><atom:uri>https://www.ivanti.com/blog/authors/mariah-shotts</atom:uri></atom:author><category>Endpoint Management</category><category>Patch Management</category><title>Windows 11 Migration: Ivanti's Customer Zero Journey with Win11 Upgrades</title><description>&lt;p&gt;Windows 11 offers enhanced security and a modern user interface, but the transition can be complex for large organizations, with logistical and employee buy-in challenges. Microsoft will end support for Windows 10 on October 14, 2025, so it's crucial to start planning and executing Windows 11 deployments now.&lt;/p&gt;

&lt;h2&gt;The need to migrate to Windows 11&lt;/h2&gt;

&lt;p&gt;Migrating to Windows 11 is essential for staying current, secure and efficient. It provides advanced security features like stronger encryption and improved threat detection, safeguarding your data and enhancing IT resilience. The user-friendly interface also streamlines daily tasks, boosting productivity. With Microsoft ending support for Windows 10 this year, upgrading can help organizations avoid increased security risks and potential downtime. According to &lt;a href="https://www.gartner.com/en/documents/6338779" rel="noopener" target="_blank"&gt;Gartner&lt;/a&gt;, many enterprises are opting to replace even compatible machines with new hardware to ensure optimal performance with Windows 11. Proactive planning ensures a smooth and seamless transition.&lt;/p&gt;

&lt;h2&gt;Ivanti’s use-case for Windows 10 to Windows 11 migration&lt;/h2&gt;

&lt;p&gt;At Ivanti, we’ve been successfully rolling out Windows 11 migrations since the beginning of 2025. As at many large organizations, this migration is something we’ve been discussing and planning for quite some time. The goal is to update every eligible machine in a timely manner and triage ineligible machines for further troubleshooting or replacement.&lt;/p&gt;

&lt;p&gt;To meet this goal, we prioritized using our own Ivanti Neurons platform solutions, which equipped us with the proactive tools and insights necessary for a successful Windows 11 deployment. Using a phased approach, we were able to identify and address issues coming back from early adopters and gather valuable feedback. Once we saw validation of our plan, we could gradually roll out the upgrade to the rest of the organization, ensuring a smoother migration overall.&lt;/p&gt;

&lt;h2&gt;Potential challenges&lt;/h2&gt;

&lt;p&gt;Like any other company, we wanted to get ahead of any potential barriers to a successful migration.&lt;/p&gt;

&lt;h3&gt;Hardware compatibility and unknown devices&lt;/h3&gt;

&lt;p&gt;One of the biggest challenges in upgrading to Windows 11 is meeting the hardware requirements. Many existing devices may not satisfy Microsoft's strict criteria, limiting the number of eligible machines. This can be especially problematic for organizations with a mix of older hardware. To tackle this, Ivanti’s IT team used our discovery capabilities to perform a thorough inventory and assessment of all devices, identifying those that would need to be upgraded or replaced before starting the migration. You can’t migrate devices you don’t know about, which made a comprehensive view of our IT landscape a key first step.&lt;/p&gt;

&lt;h3&gt;End-user friction and disruptions to productivity&lt;/h3&gt;

&lt;p&gt;User resistance to new interfaces and features can be another barrier to success. Change can be daunting, and the new look and features of Windows 11 may intimidate users accustomed to older versions. OS upgrades can also cause disruptions to users’ work, causing frustrations and downtime. To minimize these issues, Ivanti’s IT team wanted to make sure that updates were happening at a time most convenient to the end user to avoid losing unsaved work or disrupting productivity in general.&lt;/p&gt;

&lt;h3&gt;Continuing security updates with extended support&lt;/h3&gt;

&lt;p&gt;Not every machine can immediately upgrade to Windows 11 due to hardware requirements. However, Ivanti’s extended support will allow us to continue Windows 10 security updates past October, keeping these devices protected and functional.&lt;/p&gt;

&lt;p&gt;Ivanti’s Extended Security Update (ESU) deployment streamlines the patching process, reduces IT workload and maintains compliance with regulations like GDPR, HIPAA, or PCI-DSS. Unpatched systems face over 1,200 vulnerabilities annually, and a data breach can cost an average of $4.45 million, according to &lt;a href="https://www.ibm.com/reports/data-breach" rel="noopener" target="_blank"&gt;IBM&lt;/a&gt;. We need to make sure that any devices that don’t update to Windows 11 are kept safe and secure from vulnerabilities.&lt;/p&gt;

&lt;p&gt;Extended support also helps us extend our device lifecycle for devices that aren’t quite ready to be replaced, or when budget constraints are a factor. According to Gartner, many enterprises are still delaying purchases despite the need to move from Windows 10 to Windows 11, extending the lifecycle of their existing equipment and seeking alternatives to maximize their budgets. Ivanti’s ESU solutions help extend the lifespan of these devices, avoiding the high costs of a full hardware refresh. This ensures seamless patching, minimizes security risks and reduces manual IT effort, helping us avoid potential losses and disruptions.&lt;/p&gt;

&lt;h2&gt;Ivanti’s Windows 11 migration workflow&lt;/h2&gt;

&lt;p&gt;Ivanti Neurons allowed us to automate key elements of the migration, from the initial device assessment to the upgrade itself, streamlining each phase and allowing our IT team to concentrate on other mission-critical activities. In general, here is how the workflow for updating devices from Windows 10 to Windows 11 looks at Ivanti.&lt;/p&gt;

&lt;h3&gt;1. Preparation&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Identify Devices:&lt;/strong&gt; Create a group of Windows 10 devices that need to be upgraded.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Download Files:&lt;/strong&gt; Push necessary files to the devices, ensuring efficient data transfer by using ZIP files.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;2. Pre-Check&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Eligibility Check:&lt;/strong&gt; Run PowerShell scripts to verify if the device meets the hardware requirements for Windows 11.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Power Check:&lt;/strong&gt; Ensure the device is connected to A/C power.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;3. User Interaction&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Notification:&lt;/strong&gt; Use Teams bot integration to notify users about the upgrade and allow them to schedule it.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Consent:&lt;/strong&gt; Users provide consent for the upgrade via an interactive Teams message.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;img alt="it notices" src="https://static.ivanti.com/sites/marketing/media/images/blog/2025/7/win11screenshot.png"&gt;&lt;/p&gt;

&lt;h3&gt;4. Upgrade Execution&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Run Upgrade:&lt;/strong&gt; Execute the Windows Update Assistant to perform the upgrade.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Monitor Progress:&lt;/strong&gt; Track the upgrade process and handle any errors or issues that arise.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;5. Post-Upgrade Actions&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Restart Device:&lt;/strong&gt; Prompt users to restart their devices to complete the upgrade.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Activation Check:&lt;/strong&gt; Verify that the device is activated with an enterprise license key.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Additional Updates:&lt;/strong&gt; Apply any necessary Windows updates post-upgrade.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;6. Error Handling&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Automated Ticket Creation:&lt;/strong&gt; Use a bot to generate tickets for devices that fail the upgrade process.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Troubleshooting:&lt;/strong&gt; Enterprise services team handles cases where devices cannot be upgraded automatically.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;7. Continuous Improvement&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Refinement:&lt;/strong&gt; Break down the upgrade process into smaller automated steps to streamline operations.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Feedback:&lt;/strong&gt; Incorporate user feedback to improve the upgrade experience.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This workflow ensures a smooth transition from Windows 10 to Windows 11 while minimizing disruptions and handling exceptions efficiently. This process has been rolled out gradually, taking it one week at a time. It’s been thoughtful and intentional, working to build this process and workflow for the future by ensuring it’s flexible and modular. That way, we can revisit a similar process for the next generation of Windows whenever it comes.&lt;/p&gt;

&lt;h2&gt;Ready to start your Windows 11 migration?&lt;/h2&gt;

&lt;p&gt;Migrating to Windows 11 is essential for maintaining security, efficiency and compliance. Ivanti has leveraged our own solutions to automate key steps, gather user feedback and provide extended security updates for ineligible devices, all while ensuring a smooth transition that minimizes end-user disruption and maximizes IT efficiency.&lt;/p&gt;

&lt;p&gt;Ivanti’s approach and workflow not only address current challenges but also set up a flexible and modular foundation for future OS upgrades.&lt;/p&gt;

&lt;p&gt;Ready to start your own Windows 11 migration? Learn how Ivanti Neurons can simplify and automate the process.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/ivanti-neurons"&gt;Explore Ivanti Neurons&lt;/a&gt;&lt;/p&gt;
</description><pubDate>Mon, 21 Jul 2025 15:46:23 Z</pubDate></item><item><guid isPermaLink="false">ede08b2c-6f27-4bb5-8aa8-d33f000484fa</guid><link>https://www.ivanti.com/blog/cloud-based-patch-management-business-value</link><atom:author><atom:name>Mariah Shotts</atom:name><atom:uri>https://www.ivanti.com/blog/authors/mariah-shotts</atom:uri></atom:author><category>Security</category><title>Cloud Migration: Optimize Business Outcomes with Patch Management</title><description>&lt;p&gt;The IT landscape is ever evolving, and with vulnerabilities only growing, maintaining the security and stability of your systems is now more critical than ever, because any increase in vulnerabilities leads to an increase in risk.&lt;/p&gt;

&lt;p&gt;According to Verizon, exploitation of vulnerabilities &lt;a href="https://www.verizon.com/business/resources/reports/dbir/" rel="noopener" target="_blank"&gt;increased 180%&lt;/a&gt; year over year. And research from Google has shown that zero-day exploits have &lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/2023-zero-day-trends." rel="noopener" target="_blank"&gt;seen a 50% year-over-year increase&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;As businesses continue to embrace cloud migration, this rise in vulnerabilities and security risks emphasizes the vital need for effective patch management. So, it’s important to consider the intricacies of patch management when comparing on-premises and cloud-based patch management approaches.&lt;/p&gt;

&lt;p&gt;Let's examine both and explore how cloud-based patching can transform your IT operations by delivering centralized management, increased visibility and better security.&lt;/p&gt;

&lt;h2&gt;On-premises versus cloud patch management&lt;/h2&gt;

&lt;p&gt;As mentioned, organizations have two main options when it comes to patch management: on-premises or cloud-based. Many enterprises are now faced with the decision on whether to stick with on-premises patch management or migrate to the cloud. Each approach has its own advantages and disadvantages, so it’s important to understand the differences.&lt;/p&gt;

&lt;h3&gt;On-premises patch management&lt;/h3&gt;

&lt;p&gt;On-premises patch management involves handling the patching process within an organization's physical location, where all IT infrastructure, such as servers and software, is managed on-site. This approach allows organizations to maintain full control over when and how patches are applied, which is essential for meeting specific industry compliance regulations.&lt;/p&gt;

&lt;p&gt;It also enables the enforcement of strict security protocols tailored to the organization's needs. The initial costs associated with on-premises patch management can be high due to the need for dedicated resources. But these expenses can be optimized over time to suit the organization's specific requirements.&lt;/p&gt;

&lt;h3&gt;Cloud-based patch management&lt;/h3&gt;

&lt;p&gt;Cloud-based patch management utilizes cloud-based services, where the patch management software and infrastructure are hosted on the service provider's servers and accessed via the internet. This approach features user-friendly interfaces and automated processes, simplifying the management of patches across different systems and software.&lt;/p&gt;

&lt;p&gt;With cloud patch management, the provider manages the underlying infrastructure and platform, such as servers, networks, operating systems and middleware. This means one less thing for you to deal with, allowing you to focus on patching your applications and data.&lt;/p&gt;

&lt;p&gt;Additionally, the cloud offers high scalability, enabling businesses to adjust their usage as needed without concerns about physical server capacities. Cost-wise, cloud patch management generally involves a subscription fee, making it more affordable while also reducing the need for extensive in-house IT infrastructure and personnel.&lt;/p&gt;

&lt;p&gt;While cloud-based patch management has numerous benefits, it's important to acknowledge potential downsides such as security concerns, downtime, data privacy issues and compliance challenges. Storing sensitive data in the cloud can raise fears of data breaches and unauthorized access, and scheduled maintenance or unexpected downtime from cloud providers can disrupt patch deployment. Additionally, managing data privacy and ensuring compliance with regulations can be complex, especially if certain data must be stored on-premises.&lt;/p&gt;

&lt;p&gt;However, many of these disadvantages can be effectively mitigated by selecting a reputable and reliable cloud patch management partner. A strong vendor will prioritize robust security measures, minimize downtime, offer clear compliance solutions, and provide transparency in data handling practices. This makes cloud-based patch management a compelling option, often outweighing the challenges of on-premises solutions.&lt;/p&gt;

&lt;p&gt;The best patch management approach for your organization will depend on your specific requirements, budget, and IT capabilities. By considering these, organizations can select the type of solution that is best suited to support their long-term goals and objectives.&lt;/p&gt;

&lt;h2&gt;Downsides of on-premises patch management&lt;/h2&gt;

&lt;p&gt;Migrating from on-premises patch management to a cloud-based solution paves the way for more effective and robust patch management that is scalable and cost-effective and promotes cross-collaboration. While on-premises patch management has been the traditional choice, it has many challenges that can slow down your operations, making it difficult to keep up with the pace of business.&lt;/p&gt;

&lt;p&gt;The financial and operational hurdles of maintaining an on-premises patch management infrastructure can be daunting. The investment in dedicated servers, software licenses and specialized personnel is not insignificant. As organizations grow and their IT environments become more complex, the need for scalability becomes a major concern, increasing the risk of missed patches and security vulnerabilities.&lt;/p&gt;

&lt;p&gt;Compatibility issues only add to the challenge of managing patches on-premises. Applying patches can lead to conflicts with existing software or hardware which can then lead to system instability or downtime. Resolving these issues can be complex and time-consuming, often requiring extensive testing and troubleshooting.&lt;/p&gt;

&lt;p&gt;The power of cloud patch management is the answer to these obstacles. It enables organizations to optimize their cloud migration strategies by providing centralized management, improved visibility, enhanced security and simplified scalability. This transition drives operational efficiency, robust security and seamless compliance, allowing organizations to thrive in the constantly changing digital landscape.&lt;/p&gt;

&lt;h2&gt;Benefits of cloud patch management&lt;/h2&gt;

&lt;p&gt;Cloud patch management streamlines operations and improves security. Centralized management and control enable IT teams to efficiently deploy and monitor patches across multiple cloud environments, ensuring consistent protection and compliance.&lt;/p&gt;

&lt;p&gt;Increased visibility into the patch status of cloud workloads further enhances security by enabling timely updates and vulnerability mitigation. Automated patching processes reduce the need for manual intervention, helping to minimize the risk of human error and improve efficiency.&lt;/p&gt;

&lt;p&gt;After transitioning to the cloud, &lt;a href="https://www.ivanti.com/customers/southstar-bank"&gt;SouthStar Bank&lt;/a&gt; experienced substantial time savings and enhanced security. With Ivanti Neurons for Patch Management, they gained valuable insights and automation, reducing the time spent on vulnerability research and resolution by several days a month. Neurons’ ability to deliver accurate data enables them to quickly pinpoint and address device issues related to patches, zero-day threats and out-of-band updates.&lt;/p&gt;

&lt;p&gt;By addressing vulnerabilities in a timely manner, cloud patch management can help improve an organization’s security posture and reduce the risk of data breaches and system failures. This proactive approach can help protect sensitive data, maintain system integrity and ensure the continuous availability of critical services.&lt;/p&gt;

&lt;p&gt;Additionally, cloud patch management can lead to significant cost savings by reducing the need for extensive IT resources and simplifying the complexities that can accompany on-premises patch management. Streamlined operational processes and reduced manual effort help improve cost efficiency and resource allocation.&lt;/p&gt;

&lt;p&gt;Cloud patch management provides a comprehensive solution for maintaining the security and stability of IT systems in the cloud. Thanks to robust security measures and seamless access from anywhere, cloud-based patch management fosters teamwork, cross-functional collaboration and data integrity.&lt;/p&gt;

&lt;p&gt;Centralized management, improved visibility, automated processes, enhanced security and cost savings are just a few of the reasons why organizations should embrace cloud patch management.&lt;/p&gt;

&lt;h2&gt;Migrate with ease&lt;/h2&gt;

&lt;p&gt;Selecting the right cloud provider is crucial for a successful and secure cloud migration journey. Look for a provider with a proven track record in cloud migration, offering a comprehensive suite of services to support your transition.&lt;/p&gt;

&lt;p&gt;When selecting a provider for patch management, it's crucial to make sure they meet your needs and requirements, especially when it comes to assessing and mitigating risk. Ask questions about how vulnerabilities are identified: Is it based on exposure and exploitability? How is compliance calculated and what reporting capabilities are there? How are patches prioritized? Are there logging events for audit trails and remediation accountability?&lt;/p&gt;

&lt;p&gt;Choosing the right SaaS provider involves evaluating their patch management policies, procedures and SLAs, as well as verifying data encryption for both data in motion and at rest. Additionally, consider the patch history and frequency, the quality and availability of the service, the predictability of the patch management solution and the underlying security constructs. By doing this, you can ensure the solution is &lt;a href="https://www.ivanti.com/glossary/secure-by-design"&gt;secure by design&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;With &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;Ivanti Neurons for Patch Management&lt;/a&gt;, you can experience a cloud solution that goes beyond on-premises capabilities. Transition to the cloud at your own pace without the need for a disruptive rip-and-replace strategy. With visibility into both cloud-managed and on-premises managed devices, you’ll enjoy a seamless and controlled migration process. You can migrate your workloads and applications incrementally, reducing the impact on your IT operations and maximizing uptime.&lt;/p&gt;

&lt;p&gt;Ivanti’s extensive experience in cloud migration delivers the granular control and flexibility you need to tailor your migration to your specific business needs. Whether you're migrating entire workloads or specific applications, our solution is customizable to fit your unique IT landscape. Migrate with confidence with a trusted partner by your side.&lt;/p&gt;
</description><pubDate>Thu, 24 Oct 2024 10:00:00 Z</pubDate></item><item><guid isPermaLink="false">b225f3e8-4935-4c16-a63f-53f396b49498</guid><link>https://www.ivanti.com/blog/cloud-migration-unlock-the-full-power-of-your-unified-endpoint-management-solution</link><atom:author><atom:name>Mariah Shotts</atom:name><atom:uri>https://www.ivanti.com/blog/authors/mariah-shotts</atom:uri></atom:author><category>Endpoint Management</category><title>Cloud Migration:  Unlock the Full Power of Your Unified Endpoint Management Solution</title><description>&lt;p&gt;To understand the challenges facing modern IT teams in managing a diverse range of endpoints, one word that keeps coming up? &lt;em&gt;Proliferation.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Organizations are faced with a rapidly expanding ecosystem of network devices, tools and assets–some of which are so hidden from view that IT doesn’t even realize they exist. This growth of the attack surface is one reason why &lt;a href="https://www.ivanti.com/resources/research-reports/attack-surface-management" target="_blank"&gt;recent Ivanti research&lt;/a&gt; found that over half of IT professionals say they aren’t very confident about their ability to stop a damaging security incident in the next 12 months.&lt;/p&gt;

&lt;p&gt;Just as alarming? More than one in three say they are less prepared to detect threats and respond to incidents compared to a year ago.&lt;/p&gt;

&lt;p&gt;It’s a situation that requires new methods and tools. Unified Endpoint Management (UEM) is one of those: A holistic approach that simplifies IT management, enhances security, and transforms the digital employee experience.&lt;/p&gt;

&lt;p&gt;Like so many solutions before it, UEM has seen a push to shift to the cloud. When properly implemented, cloud-based UEM can streamline an organization's IT operations, strengthen its security posture, and empower its employees with seamless access to resources.&lt;/p&gt;

&lt;p&gt;Let’s explore the key considerations, strategies, and best practices involved in a successful cloud UEM migration journey.&lt;/p&gt;

&lt;h2&gt;Cloud UEM versus on-premises&lt;/h2&gt;

&lt;p&gt;When selecting UEM solutions, organizations must choose between cloud-based and on-premises models. Cloud-based UEM reduces the need for internal IT infrastructure, offering cost savings, scalability and remote accessibility.&lt;/p&gt;

&lt;p&gt;Conversely, on-premises UEM allows for greater customization and integration with existing systems but requires significant investment in hardware and IT staff, and it may lack the flexibility of cloud solutions. The decision should be based on the organization's specific needs, budget and IT capabilities, ensuring the chosen model aligns with long-term goals and objectives.&lt;/p&gt;

&lt;h2&gt;Risks of on-premises UEM&lt;/h2&gt;

&lt;p&gt;While on-premises UEM solutions offer a sense of control and data privacy, they come with several drawbacks and challenges that can hinder an organization's ability to fully obtain the benefits they’re after.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;High costs come with the necessary hardware, software and ongoing support needed for on-premises UEM. Organizations need to invest in servers, storage and networking infrastructure and purchase and maintain software licenses. Additionally, dedicated IT staff are required for management and maintenance, adding to operational expenses.&lt;/li&gt;
	&lt;li&gt;Security is crucial for on-premises UEM solutions, requiring regular updates and significant resources to maintain. This includes both cybersecurity measures and physical security to prevent unauthorized access, making it a costly and time-consuming effort.&lt;/li&gt;
	&lt;li&gt;On-premises UEM solutions lack the scalability and flexibility of cloud-based alternatives. As businesses grow or evolve, their UEM needs may change. But scaling an on-premises UEM solution can be complex and resource-intensive, requiring additional hardware and software investments. Similarly, adapting the solution to support new devices or operating systems can be challenging and time-consuming.&lt;/li&gt;
	&lt;li&gt;Data loss is a major risk associated with on-premises UEM solutions, owing to hardware failures, natural disasters or human error. Organizations need to establish strong data backup and recovery strategies to reduce this risk, which adds more complexity and cost to the overall UEM infrastructure.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Benefits of the cloud&lt;/h2&gt;

&lt;p&gt;Migrating your UEM solution to the cloud unlocks a wealth of benefits that can transform IT management and elevate the digital employee experience.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;strong&gt;Cost optimization:&lt;/strong&gt; Cloud adoption eliminates the need for extensive on-premises infrastructure, reducing hardware and maintenance costs. With subscription-based cloud models, organizations only pay for the resources they use, optimizing IT budgets and freeing up capital for strategic initiatives.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Enhanced security:&lt;/strong&gt; Cloud-based UEM solutions offer robust security for safeguarding sensitive data and devices. Regular updates and patches ensure protection against the latest threats. Centralized management enables consistent security policies across all endpoints, reducing vulnerabilities and ensuring compliance.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Seamless scalability:&lt;/strong&gt; The cloud’s native scalability makes it easy to grow and shrink with your business. Provisioning and de-provisioning devices is simple, so you can adapt to changing needs without being held back by your infrastructure.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Enhanced collaboration and flexibility:&lt;/strong&gt; The cloud allows seamless collaboration across teams and devices, regardless of their location or operating system. Employees can securely access and exchange data from any location, enhancing productivity and flexibility.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Rapid implementation and reduced complexity:&lt;/strong&gt; Cloud-based UEM solutions offer faster implementation than on-premises setups. With minimal infrastructure requirements, organizations can be up and running swiftly, reducing the complexity of IT management.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Leveraging cloud-based UEM means you have constant access to tech advances that keep your organization at the forefront of innovation. This ultimately contributes to improved business outcomes and a superior digital experience for employees.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Related: &lt;a href="https://www.ivanti.com/customers/conair"&gt;See how Conair benefitted from migrating to cloud-based UEM&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;Cloud UEM migration doesn’t have to hurt&lt;/h2&gt;

&lt;p&gt;Moving your UEM solution to the cloud might seem like a daunting task, but it doesn't have to be.&lt;/p&gt;

&lt;p&gt;Here’s an overview of the steps to follow for a successful cloud migration, steps that address both the technical and human factors involved:&lt;/p&gt;

&lt;h3&gt;1. Initial assessment and planning&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Evaluate current UEM setup, identifying devices, users and applications managed.&lt;/li&gt;
	&lt;li&gt;Define necessary cloud UEM functionalities for scalability, updates and security.&lt;/li&gt;
	&lt;li&gt;Ensure migration meets security standards and regulatory compliance.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;2. Choosing a cloud UEM provider&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Research potential vendors for security, scalability, integration and support capabilities.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;3. Data backup and migration prep&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Back up critical data, including device settings, before migration.&lt;/li&gt;
	&lt;li&gt;Catalog all devices and apps to ensure a comprehensive migration; be sure to discover and include any that are hidden, including unmanaged BYOD devices.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;4. Phased migration&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Start with a pilot phase for a small group to address issues.&lt;/li&gt;
	&lt;li&gt;Then gradually deploy the cloud UEM solution more broadly, monitoring progress and resolving issues.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;5. Endpoint enrollment and setup&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Use automation for easy device enrollment to the cloud UEM.&lt;/li&gt;
	&lt;li&gt;Adjust policies for device management and security to fit the new system.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;6. Ongoing security and monitoring&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Implement strong security measures and continuous monitoring with cloud-native tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;7. Post-migration fine-tuning&lt;/h3&gt;

&lt;ul&gt;
	&lt;li&gt;Evaluate performance to ensure all devices are operational.&lt;/li&gt;
	&lt;li&gt;Use automation for regular updates and maintenance.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;With the right partner, this process can be smooth and easy, as they bring experience and a proven track record to bear on your UEM migration. They can help you assess your current environment, develop a migration plan and execute your migration with minimal disruption.&lt;/p&gt;

&lt;p&gt;Yet a good partner's efforts don't end with the migration. They'll continue to support you, ensuring that your UEM solution is running securely and efficiently in the cloud. They should offer comprehensive services that include assessment, planning, migration and ongoing support, driven by proven methodologies and certified engineers with a wealth of UEM migration expertise and experience.&lt;/p&gt;

&lt;p&gt;At the end of the day, you'll enjoy a successful cloud UEM migration, leveraging the full benefits of the cloud, without the complexities and headaches that can come from enlisting the wrong partner or attempting it yourself.&lt;/p&gt;
</description><pubDate>Tue, 08 Oct 2024 14:30:56 Z</pubDate></item></channel></rss>