This week Microsoft acknowledged a security hole in Windows that could allow malicious software to control a computer by taking advantage of a flaw in the way DLLs are loaded. While there are a few workarounds, there is currently no universal fix for the problem.
The vulnerability - referred to as binary planting or DLL preloading - arises because certain programs don't specify the fully qualified path to an external dynamic-link library (DLL) that they need to use. An attacker can exploit this by planting a DLL containing malicious code that the program then loads, allowing the system to be remotely controlled when that code is executed.
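To make the mechanism concrete, here is an added example (not from Microsoft's advisory or any affected program): a simplified model of the documented Windows search order for a DLL name given without a path, run against a constructed temporary folder layout. The function names, folder names and DLL names are hypothetical, and the 16-bit system directory and Windows directory are folded into `system_dirs`.

```python
import os
import tempfile

def search_order(app_dir, cwd, system_dirs, path_dirs, safe_search=True):
    """Directories tried, in order, for a DLL name given without a path."""
    if safe_search:  # SafeDllSearchMode on: current directory comes after system dirs
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]

def resolve(name, order):
    """Return the file a loader following this order would pick (first match)."""
    if os.path.isabs(name):  # fully qualified path: no directory search at all
        return name if os.path.isfile(name) else None
    for directory in order:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None

def loads_from_cwd(name, order, cwd):
    """True when an unqualified name ends up being taken from the current directory."""
    hit = resolve(name, order)
    return (not os.path.isabs(name) and hit is not None
            and os.path.dirname(hit) == cwd)

def build_demo():
    """Constructed layout: application dir, system dir, and a document folder used as cwd."""
    root = tempfile.mkdtemp()
    dirs = {k: os.path.join(root, k) for k in ("app", "system32", "docs")}
    for d in dirs.values():
        os.mkdir(d)
    # helper.dll exists only beside the document; syslib.dll exists in both places
    for d, f in (("system32", "syslib.dll"), ("docs", "syslib.dll"), ("docs", "helper.dll")):
        open(os.path.join(dirs[d], f), "w").close()
    return dirs

if __name__ == "__main__":
    d = build_demo()
    qualified = os.path.join(d["system32"], "syslib.dll")
    for safe in (True, False):
        order = search_order(d["app"], d["docs"], [d["system32"]], [], safe)
        for name in ("syslib.dll", "helper.dll", qualified):
            print(f"safe_search={safe} {name!r} -> {resolve(name, order)} "
                  f"from_cwd={loads_from_cwd(name, order, d['docs'])}")
```

Note that the safe search order only protects names that exist in an earlier directory: `helper.dll`, which is missing everywhere else, is still taken from the current directory, while the fully qualified path is never searched for.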
Unfortunately, the problem isn't limited to Microsoft software. Even though the company has previously issued guidance on how to properly avoid the problem as a matter of good practice, many developers haven't followed the recommended security protocols. Affected programs include Windows Live Mail and Windows Movie Maker as well as the Windows versions of uTorrent and Firefox 3.6. Even Microsoft's recently released PowerPoint 2010 is reported to be vulnerable.
The latest version of Apple's iTunes was at risk, but an update was released after the flaw was originally discovered in that software.
Though the software giant has reiterated its guidance to developers, there isn't a great deal that users can do to help secure their systems beyond following general good security practices. The best action is simply to update affected software as soon as fixes are released.
Full details on the exploit are available in Microsoft's Security Advisory.