There is a lot of hype and sensationalism and a bit of false news circulating about Vault 7, the latest Wikileaks revelation. But in this treasure trove of CIA documentation there are some irrefutable truths, and that’s what the Ivanti Vault 7 Tracker will help you understand.
I’m talking DLL Hijacks here: DLL hijacking methods for a host of known applications, uncovered by the CIA and kept in their personal arsenal for later use. Now that they have been disclosed, the vendors of these products are responding to the threats. We want to help you understand which products and versions are vulnerable to this sort of attack, whether the vendors have responded with any immediate mitigation options, and, where available, which versions you should update to for protection against this form of attack.
Not all vendors will respond the same way. Notepad++, for instance, has released an update that should properly validate signing of DLLs that could be used in a DLL Hijack.
It’s not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won’t be loaded, and Notepad++ will fail to launch.
Babel Pad has gone the opposite route and stated it is not their product that is vulnerable, but repackaged versions of their product. User beware!
In the Sophos Q&A link in the table below they go into a bit more detail explaining how a DLL Hijack works.
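The Notepad++ fix described above validates the signature of scilexer.dll inside the application; an administrator can run a comparable check from outside it. The PowerShell below is an added example, not code from Notepad++ or Ivanti, and the install path, executable name and the function name `Get-DllSignatureReport` are assumptions to adjust locally.

```powershell
# Added example: audit the DLLs that sit beside an executable.
# Assumptions: $AppDir / $ExeName defaults below; change them for your install.
param(
    [string]$AppDir  = 'C:\Program Files\Notepad++',
    [string]$ExeName = 'notepad++.exe'
)

function Get-DllSignatureReport {
    param([string]$Directory, [string]$Executable)

    # Publisher of the main executable, used as the reference identity.
    $exeSig    = Get-AuthenticodeSignature -FilePath (Join-Path $Directory $Executable)
    $exeSigner = if ($exeSig.SignerCertificate) { $exeSig.SignerCertificate.Subject } else { $null }

    Get-ChildItem -Path $Directory -Filter *.dll -File | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Dll           = $_.Name
            Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer        = $signer
            # True only when the DLL is signed by the same subject as the exe.
            SamePublisher = ($null -ne $signer -and $signer -eq $exeSigner)
            Sha256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            LastWriteUtc  = $_.LastWriteTimeUtc
        }
    }
}

$report = Get-DllSignatureReport -Directory $AppDir -Executable $ExeName
$report | Format-Table Dll, Status, SamePublisher, LastWriteUtc -AutoSize

# Anything unsigned, tampered with, or signed by a different publisher needs
# review. Third-party plugins can be legitimate, so treat this as triage.
$review = $report | Where-Object { $_.Status -ne 'Valid' -or -not $_.SamePublisher }
if ($review) {
    Write-Warning "$(@($review).Count) DLL(s) in $AppDir need review:"
    $review | Format-List Dll, Status, Signer, Sha256
    exit 1
}
```

A non-zero exit code makes the script usable from a scheduled task or endpoint-management job that flags hosts for follow-up.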
The industry-leading Content Team here at Ivanti has been working to pull together all the details that are out there, and will continue to update this list as new information becomes available. Vault 7 has opened Pandora’s box—a threat to us all given the vulnerabilities it highlights and the threat actors out there that will use it to develop exploit code. The race is on, and we’d like to help give everyone an edge to plug these holes as quickly as possible.
| Product | Patching Support | Vuln. Ver. | Fixed in Ver. | Date Released | Vendor Response |
|---|---|---|---|---|---|
| VLC Media Player | | 2.1.5 | 2.2.5 | No ETA | Mitigation and Future Release Plans |
| Opera | | | | | Not considering this as a security risk |
| Firefox | | | | | Shame on the CIA post |
| Notepad++ | | 7.3.2 and Earlier | 7.3.3 | 3/8/2016 | Release Announcement |
| Kaspersky TDSS Killer | | | | | |
| Sophos Virus Removal | | | | | Vault 7 Q & A |
| Babel Pad | | Repackaged Versions Only | N/A | N/A | Mitigation Only |
| Iperius Backup | | | | | Only old versions affected |