Vault 7 Tracker

There is a lot of hype and sensationalism and a bit of false news circulating about Vault 7, the latest Wikileaks revelation. But in this treasure trove of CIA documentation there are some irrefutable truths, and that’s what the Ivanti Vault 7 Tracker will help you understand. 

I’m talking DLL hijacks here: DLL hijacking methods for a host of known applications, uncovered by the CIA and kept in their personal arsenal for later use. Now that they have been disclosed, the vendors of these products are responding to the threats. We want to help you understand which products and versions are vulnerable to this sort of attack, whether the vendors have responded with any immediate mitigation options, and, where available, which versions you should update to in order to protect against this form of attack.

Not all vendors will respond the same way. Notepad++, for instance, has released an update that should properly validate the signing of DLLs that could be used in a DLL hijack.

“It’s not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won’t be loaded, and Notepad++ will fail to launch.”

Babel Pad has gone the opposite route and stated it is not their product that is vulnerable, but repackaged versions of their product. User beware!
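Both the Notepad++ signature check and the Babel Pad warning about repackaged versions come down to whether the DLLs sitting next to an executable are the vendor's own. The PowerShell below is an added example, not code from Ivanti or any vendor named here: it lists DLLs in an install folder whose Authenticode signature is not valid or whose signer differs from the main executable. The function name `Test-AppDllSignatures` and the install path in the last line are assumptions for illustration.

```powershell
# Added example: audit an application folder for DLLs that fail Authenticode checks.
# Test-AppDllSignatures is a hypothetical helper name; the install path in the
# call at the bottom is an assumed default and should be adjusted.
function Test-AppDllSignatures {
    param(
        [Parameter(Mandatory)] [string] $AppDir,
        [Parameter(Mandatory)] [string] $MainExe
    )

    # Signature of the main executable, used as the reference signer.
    $exePath = Join-Path $AppDir $MainExe
    $exeSig  = Get-AuthenticodeSignature -FilePath $exePath
    if ($exeSig.Status -ne 'Valid') {
        Write-Warning "$exePath is not validly signed ($($exeSig.Status)); signer comparison is skipped."
    }

    Get-ChildItem -Path $AppDir -Filter *.dll -File -Recurse | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Covers missing and invalid signatures (NotSigned, HashMismatch, NotTrusted, ...).
        $finding = if ($sig.Status -ne 'Valid') {
            "signature $($sig.Status)"
        } elseif ($exeSig.Status -eq 'Valid' -and
                  $sig.SignerCertificate.Thumbprint -ne $exeSig.SignerCertificate.Thumbprint) {
            'valid, but signer differs from main executable'
        } else { $null }

        if ($finding) {
            [pscustomobject]@{
                File    = $_.FullName
                Finding = $finding
                Signer  = $signer
                Sha256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Test-AppDllSignatures -AppDir 'C:\Program Files\Notepad++' -MainExe 'notepad++.exe' |
    Format-Table -AutoSize -Wrap
```

A "signer differs" row is a triage item rather than a verdict, since legitimate third-party libraries and plugins are often signed by someone other than the application vendor.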

The Sophos Q&A linked in the table below goes into a bit more detail explaining how a DLL hijack works.

The industry-leading Content Team here at Ivanti has been working to pull together all the details that are out there, and will continue to update this list as new information becomes available. Vault 7 has opened Pandora’s box—a threat to us all given the vulnerabilities it highlights and the threat actors out there that will use it to develop exploit code. The race is on, and we’d like to help give everyone an edge to plug these holes as quickly as possible. 

| Product | Patching Support | Vuln. Ver. | Fixed in Ver. | Date Released | Vendor Response |
|---|---|---|---|---|---|
| VLC Media Player | Yes | 2.1.5 | 2.2.5 | No ETA | Mitigation and Future Release Plans |
| Irfan View | Yes | | | | |
| Chrome | Yes | | | | |
| Opera | Yes | | | | |
| Firefox | Yes | | | | Shame on the CIA post |
| Thunderbird | Yes | | | | |
| Opera Mail | Yes | | | | |
| Foxit Reader | Yes | | | | |
| Libre Office | Yes | | | | |
| Notepad++ | Yes | 7.3.2 and Earlier | 7.3.3 | 3/8/2016 | Release Announcement |
| Skype | Yes | | | | |
| 7-Zip | Yes | | | | |
| ClamWin | | | | | |
| Kaspersky TDSS Killer | | | | | |
| McAfee Stinger | | | | | |
| Sophos Virus Removal | | | | | Vault 7 Q & A |
| Prezi | | | | | |
| Babel Pad | | Repackaged Versions Only | N/A | N/A | Mitigation Only |
| Iperius Backup | | | | | |
| Sandisk Secure | | | | | |
| U3 Software | | | | | |
| 2048 | | | | | |
| LBreakout2 | | | | | |

Chris Goettl

Chris Goettl has over 15 years of experience in IT Management. He spent several years working in IT before joining Shavlik in 2004. Chris started in the Shavlik support team, supported OEM partners integrating Shavlik SDKs, worked in Sales as a Systems Engineer, and is now the Product Manager for the Shavlik Protect product line.