uTorrent Quickly Patches Windows DLL Vulnerability

Ernesto
August 26, 2010
72
utorrent
Print

A critical Windows DLL vulnerability that makes several widely used programs targets for remote hijacks surfaced in the news this week. Among the affected applications are Firefox, Adobe Photoshop and uTorrent. Since the news broke dozens of exploits have already surfaced. Luckily uTorrent was one of the first to fix the vulnerability and now all users are encouraged to update their client.

utorrent Due to a DLL load hijacking vulnerability in the Windows operating system, dozens of applications have become a target for remote hijack exploits. Since Microsoft refuses to patch Windows, the developers of the affected applications have to take measures on their own.

After the news about the vulnerability became public earlier this week, several pieces of exploit code surfaced, attacks that allow outsiders to take control over the PCs of users who run the affected applications.

Included in the list of vulnerable programs are familiar names such as Firefox, Adobe Photoshop, VLC and also the popular BitTorrent client uTorrent. Upon hearing the news the uTorrent developer team didn’t sit still and yesterday an essential update was released that should fix the DLL vulnerability.

“There is a DLL vulnerability in all versions of Windows affecting a great deal of software applications. Subsequently, attack code targeting the uTorrent client surfaced on a third-party website, and while so far no attacks have been reported to us, we have released uTorrent 2.0.4 to fix this vulnerability,” uTorrent Community Manager ‘Firon‘ explained.

“The new client disables loading of DLLs from the current working directory and prevents this exploit from functioning,” Firon said, adding an ensuring message for uTorrent users. “We take our user’s security very seriously, and we sincerely apologize for any inconvenience.”

It is needless to say that all uTorrent users are encouraged to update their clients to the most recent version. With a userbase of more than 50 million monthly users uTorrent is a major target for exploits, so it’s good to see that BitTorrent Inc. takes these security threats seriously.

Previous Post | Next Post

Follow @torrentfreak

SableSlayer

exactly why i use linux :)
Anonymous

I insist on staying with 1.77 :D
http://www.eZee.se www.eZee.se

Hey TF,
A little typo escaped:
“adding an ensuring message for ”

I think you meant
“adding an _assuring_ message for ”
other than that, thanks for the update, uT is my favorite client.
Anonymous

Unix people learned decades ago that you never ever add the current directory to your path (or, as in this case, dynamic library load path).

Windows people seem to not have learned that yet.
Anonymous

An Ars article from two days ago covered this in more depth. Obviously being a site called TorrentFreak you’ll be concerned with things like uTorrent. But, their article makes the following clear misrepresentations:

“Since Microsoft refuses to patch Windows, the developers of the affected applications have to take measures on their own.”

““We take our user’s security very seriously…””
5

http://arstechnica.com/microsoft/news/2010/08/new-windows-dll-security-flaw-everything-old-is-new-again.ars
@Sable

Because alot more people use Windows, it’s only that which can make some Linux users so fucking smug and stay smug.

It’s not the fact that Linux can’t be expolited just like Windows if people were dedicated enough to Linux as they are Windows it would probaly be the same (or more than, since Linux isn’t targeted as much as Windows)

People who think there protected agains’t expolit because they use a different OS need a slap to empty that smugness.
Acce

The best way to get rid of the problem is to get rid of Windows. Use a unix-like os! Gnu/linux, BSD, Solaris and MacOSx
Anonymous

This isn’t a vulnerability. Its by design and Microsoft cant patch it because of software that uses this feature would be completely crippled. Even osx and linux are are designed this way.

Iv been using this technique in dll hooking for years and it takes advantage of the fact that windows loads the dll from the working directory before the system directory via environment variables. Unless you stupidly drop a fake system file that the program uses into the folder the program is launched from, then your completely safe. If a hacker could copy a file like that with out your knowing then why would he waste his time on that instead of just high-jacking the system. PLUS, UAC completely stops this kind of thing from happening anyways (the annoying popup windows constantly asking for permission).
Herp a Derp

http://www.exploit-db.com/local/

winowned!
Katrina

Well done utorrent for patching so quick
But any of you using ipredator VPN have u noticed itkeeps failing on 26aug10 ? What’s wrong ? Ps I use vpncheck to kill utorrent when your VPN looses connection
x

uTorrent 2.0.3

“There is no new version available at this time!”

FUck you 2.
Pingback: Anonymous
james brown

http://pulsedmedia.com/clients/aff.php?aff=006
Jay

@ X

” uTorrent 2.0.3

“There is no new version available at this time!”

FUck you 2.”

Ummm…. just go the web site, download and install.

Douche
Anonymous

does this include the current U-torrent beta’s and alphas ????
wwmoggy

upgraded to Utorrent 2.0.4 thanks
p_c

In reply to “@Sable”

You are only partially right.

Generally LINUX design is significantly better than Windows, and that is partly due to not having the problems of maintaining backwards compatibility with old Windows “we have no concept of security” applications. You know, the early w2k / XP ones that don’t work unless you are an admin account, etc.

But, and this is the key point, the *user* can be dumb in either case. In an ideal world, you only give admin rights to those who properly understand what they are doing, but in practice most users don’t or they give it to all of their family out of a desire to appear ‘fair’ when in fact they are being silly.

If you can persuade an admin account holder to install something, ANY machine is toast!

Sadly a lot of Apple users, and a significant number of LINUX users, don’t seem to realise that being more secure by design and less targeted due to your smaller market share is NOT the same as being invulnerable!

I use LINUX and have little to worry about, but that is more down to (a) keeping it patched, (b) taking time to secure things, (c) taking a very sceptical view of ANY software out there, and finally (d) having a backup, so if I do get rooted, or have a machine die suddenly, my data is safe.

Windows is so often a crap experience from a security point of view, but a good Windows set-up and educated user is MUCH safer than a dumb LINUX user!
Anon

@7
And you are trying to sound all smug and knowledgeable by making a crapload of assumptions. Or are you just a Microsoft fanboy?

Linux CANNOT be exploited in the same way Windows is. The overall model of the OS makes it inherently incompatible with nearly any security breach that may work in Windows.

In fact, most of the security enhancements you enjoy in Windows right now have been in Linux for many years prior to their Windows adoption.

But to give you a perspective, at least 25% of all Windows infections come from USB drives according to http://it.slashdot.org/story/10/08/26/1343206/25-of-Worms-Spread-Via-USB
Linux on the other hand will never load arbitrary applications from USB drives.
¥en

@14

I’ve been having a trawl through the uTorrent forums and as far as I can tell the DLL fix has only been applied to 2.0.4 and not the 3.0 alpha or 2.2 beta clients. However, I don’t see any reason why the fix won’t be incorporated when the most recent builds are released.

@12

If you are trying to get the latest 2.0.4 release using the “Check for updates” button in the client it might not appear for a while (until the automatic update is triggered)

Hope this helps.
Anonymous

“Linux CANNOT be exploited in the same way Windows is.”

of course it can’t
because it isn’t windows
doesn’t mean it cannot be exploited at all, idiot
Jay

way too many people slagging each other off for liking windoze and linux

tend to use both

time for the keyboard warriors to chill out ?
siljaline

The Help file does not launch via the F1 command – bug confirmed >
http://forum.utorrent.com/viewtopic.php?id=82862
rugged

@ ALL the OS fanboys………….

They are ALL much of the same.
_

The most popular OS .. will always have the most virus/worm, hacker exploit attempts.

Does not matter what the OS is .
If Mac_OS was the most popular then….?
_

The ONLY safe system is an OFFLINE system. REALITY.

_

LINUX NEEDS A FIREWALL

OSX NEEDS A FIREWALL
( osx built in firewall is $hit. RESEARCH IT !)

WINDOWS NEEDS A FIREWALL
(windows built in firewall is $hit. RESEARCH IT !)
_
so all the above OS need third part firewalls.

IF linux & macOS where so secure then WHY would they need third party firewalls ?
_

I have used and OWN ALL 3 of the stated OS.

THEY ARE JUST A HOME FOR MY PROGRAMS. thats all.
_
Windows (xp to be exact) is the best platform for running programs.
Simply because it has the most programs…..
Thats the best reason to choose an OS over another.
The reason most people use windows.

After all stability/security is assumed in ALL os these days.
rugged

proof of point…

nintendo Game Cube is much better hardware than a PS2.

THE SOFTWARE .. makes the PS2 the undisputed king of that era.

MORE/better software = MORE usability.
anon

@9
Lets say you got a zipped folder with an mp3 and hidden dll with the correct filename.
You extract the entire folder it to your homefolder and open the mp3. It now automatically loads the dll.
Bob

I laughed when I read that Microsoft intend to patch it! “Hi, were one of the richest companies in the world, and we can’t do anything!”

It’s really time for Linux to take over. :)
Widget

@9, #25 is right, but it should be elaborated a bit more. The current problem is is that the program will load dlls from *where the file you’re opening is from*, then the program folder, then system32. It’s not that the dll has to be in the program folder, it’s that if I just handed you a zip file with a dll and an image in it, it would use that dll instead of its own. For example, a program might load a JPEG library specifically when it needs to open a JPEG picture to save memory most of the time (and, say, so you wouldn’t have PNG libraries loaded for no reason). So it goes to open libjpeg.dll (making that name up) so the libjpeg.dll would be opened instead, its DLLMain() function would be called, and suddenly a mysterious program just ran without your knowing of what it is and what it did. Same with MP3s and iTunes, WMAP, etc. uTorrent might have this problem with opening .torrent files.
Doesy Moses

That what I love about uTorrent, they are always on top of their game. Simply the best.

http://www.anonymity.th.tc
Ninja

Well, you can always run broken programs in unpatched versions of windows (vm and such) or maybe an alternative such as a “wine for windows”.

utorrent team swift response to the issue is awesome and brings more trust to their security policy.

As for Microsoft, they sure are in a problematic position. The right choice would be to fix this issue and offer alternatives to run determined programs with the ‘buggy’ references.

http://support.microsoft.com/kb/2264107

It should help the more skilled users but the average Joe will be in trouble…
Sam

“FIREWALL”
You only need a Firewall if you have applications on your computer listening for connections . If you’re running Linux and you know you have zero programs listening for connections on your PC. Then you’re good to go and you can connect to the internet firewalless. If you’re running a closed source operating system, like macosx or windows. You won’t know what your OS is doing unless you heavily analyze your os and even then you can’t tell exactly what it’s doing. So then you could put up a firewall and block incoming connections that might connect to hidden services / things that are running on your PC.
PlayBoyMan

ANY OS has its weaknesses and can be exploited. Just be careful, update your software and hope for the best.
192.168.32.87

Hey Torrentfreak: Ever heard of a spell-checker?
Phoenix

ppl should get over windoze >.>…
just use for games, anything else LINUX
PlayBoyMan

Microsoft has come up with a hotfix for the DLL vulnerability issue (8/24)

http://www.microsoft.com/downloads/details.aspx?FamilyId=e8941631-fe92-47c3-8872-2814e05e1ecc&displaylang=en#Overview
Ridiculous..

I’ll take my chances. Like with alot of these recent “exploits” you have to be the biggest idiot on the planet to allow them to even remotely happen. Like someone previously said. If you allow someone to write a dll file into your OS then you have other problems :LOL
p_c

@23 rugged

A firewall is needed If you have open ports that an external hacker can probe for vulnerabilities.

Windows has dozens of them (due to its architecture, and due to the MS policy of enabling everything to save users having to figure out how to do it as required), so yes it needs protection. From XP SP2 it was provided and turned on, bit its a bit crappy (e.g. MS’ programs can change its settings without asking you).

Linux usually has very few, none by default in Ubuntu. But of course that changes if you install the SSH daemon, NFS or CIFS network share, etc!

These days its less of a problem if you are behind a NAT router, as most are, since it wont forward random connection attempts.

However, if you use a VPN and/or turn on port forwarding, as you most likely will for P2P, then one more you need a firewall.

Linux has it built in, and the easy and effective option is to install ‘gufw’ to manage it. I block all, except for the open P2P port for Transmission BT, and some like SSH & NFS are enabled only for 192.168.1.* range.

But you need to think again, the biggest vulnerability for any PC today is web browsing, and in particular Adobe’s crap (flash & pdf reader plug-in) which sadly applies to Mac & Linux as well as Windows. A firewall won’t stop that infection route, best it will do is warn you of suspicious traffic AFTER you are stuffed!

For security, Windows is still poorest, but ’7′ is better than XP just from them attempting to get IE out of the core OS (one of their dumbest architecture decisions of all time, probably).
Demfan

Thanks TF! I’ve turned off automatic updates. So thanks for providing info about the new version.
Stiggle

For all the Linux comments – LD_PRELOAD & LD_LIBRARY_PATH.

Both these can be used to create exactly the same situation as Windows is suffering now, and has been used in the past for privilege escalation exploits on Linux box before now.

You just need to be careful what you download, where you download it to & where extract it.
Firon

I turned on autoupdates to 2.0.4 earlier today, so if you do help -> check for updates, you’ll now get prompted to update.

I also uploaded an updated help file for 2.0.4, so when you press F1, you’ll now get the manual. :)

2.2 and 3.0 will be getting updates later today with the fix.

BitTorrent 7.0 has also been updated today (and autoupdated) with the DLL loading fix.
Ilidan Mad

ilidan-500@hotmail.com :) MSN
ScottDmac

@34 – thanks for the link PlayBoyMan
Logic

For the love of god Microsoft fan bois chirping about the highest usage means the most likely to be exploited. Microsoft are notorious for not patching their shitty code effectively or promptly and to top if off Windows reboots itself without warning or authorisation after an update. Windows is insecure and poorly designed and written. Full stop, end of story, end of argument.
Cheap article

Poor article, you did not describe how the attack works, you did not include any links to microsoft knowledge base (KB) articles describing the vulnerability or anything like that. Very poor indeed :-(
Aaron Wells

uTorrent fail.
drunkard

I heard someone used a condom on their modem in fear, but i just went in, clicked it and wham!
knowing it would keep me, my seedlings and my uppers comlpetely safe once i was done.
Thank you!
dingo

@43

Agree.

I would be more interested in reading how and what the vulnerability was instead of reading some general article on an application that got patched.

Well instead some people have posted some nice links which whomever wrote the article should do in future, it’s a poor poor article/
rugged

@42… lol @ YOU

highest usage DOES mean the most likely to be exploited. (turn your brain on)

IF the majority of people drive Volvo. Guess what ? , the most crashed, stolen , damaged ,exploited CAR IS Volvo.
IT’S NUMBERS. Nothing to do with safety/security.

. . . . . . .

OS Fanboys & OS Hater’s….

You are all the same. ( retarded argument lovers )

.

The SOFTWARE is king.
The OS is just a platform for software.
The more quality/usefull software on an OS makes it better.

Thats why xp wins at the moment.
.
I don’t , like many people , give a flying fcuk , What OS I use.
(I have osX , xp, w7 , linux distros(due to the nature of my work )

As long as the software I need , runs well , I am happy.

Most OS today are so similar , it’s hard to say which is technically more surperior.

so…. it’s all about the software.

.
. back to . . .
The fix is an easy one, Nice job utorrent for being quick.
Pingback: uTorrent Quickly Patches Windows DLL Vulnerability | Systema
Bib Fortuna

Jubbu jinga heebo mmosh-tesh boombah ka linga. Ju bah uul wanna wonga wimba! Jah boo jah hee oo ga wanna wonga
BIOS

@ 48 Bib,

I wish more people would see their points in the light you have presented. Thank you for saying what we all were thinking.
User

Arrrgh!!!… Internet Backdraft

http://tvtropes.org/pmwiki/pmwiki.php/Main/InternetBackdraft
BoB

48 Aug 27, 2010 at 17:20 by Bib Fortuna

Jubbu jinga heebo mmosh-tesh boombah ka linga. Ju bah uul wanna wonga wimba! Jah boo jah hee oo ga wanna wonga

Just about the only sensible thing i have heard here..!!!
Herp a Derp

http://digitalacropolis.us/?p=113

In depth explanation of the dll hijacking
in.cog.nito@44

@44

how is it uTorrent fail if they fixed a problem you retard.
Anonymous

Ernest you’re such a wanker
FuzzyX

Application developers not specifying the full path of the file they need to load is pure bad coding.

It is easy as pie to change the systems path load order.

So not stating the full path is Russian Roulette in terms of file loading.

Microsoft is right in that other coders shit buggy work a’int their problem to fix.

Dont code like a retarded monkey high on crack!
Pingback: Darel Philip
blabbities

This has really devolved into an arguement about linux vs Windows. Nice!
Anonymous

@47: You don’t know what you are talking about. Linux is used on enough servers that it would be a *prime* target for exploits if it had the same level of security as Windows.
bogler

One can really tell that school is out for summer right now.

Personally, I can’t wait til these PFYs are back in class & no longer oozing their foetid brainfarts all over the internets…
Kaptain Krunch

The best way to get rid of the problem is to get rid of uTorrent. Use Tixati instead. It is way more secure compared to uTorrent.

http://www.tixati.com/
MM

WTB google OS that is constantly patched…
Whatever

Like guns…
“Games don’t need administrator rights, DRM needs administrator rights”
QuadSlacker1313

Seems to me like the only reasonable solution is to ban all uTorrent peer IPs.
Lomby

It’s good to see they’ve patched it so quickly. I’m updating my FireFox and VLC now because of this. I’ll update my BitTorrent in a minute in case that was affected like the old version of UTorrent(Which I don’t use).
Everything’s hackable, no matter how secure (It’s just more difficult when it is secure). This means all OS have a vunerability of some sort. D=
Ubuntu :D

Simple Ubuntu is still safe and sound. :D

———————————

If Ubuntu could play TF2 and CSS then linux would be all-powerful.

‘Nuff said.
Pingback: Torrent VPN Service | Personal VPN
monster

“If Ubuntu could play TF2 and CSS then linux would be all-powerful.”

lols…really.

MMO’s are where the money is, they seem rather lacking on Linux, so it really has no hope.
Priss

utorrent 2.0s really suck at speed wise. They its to help the ISP.
I really don’t want to update
policeman

iOS was the major player on smartphones in the US for a long time.

It did not have as much malware as android.

So the major OS is not necessarily the most security redundant.

(now android has a bigger user base)
Think About It

If Microsoft OS is so great, why not switch to Vista?

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

uTorrent Quickly Patches Windows DLL Vulnerability

Related Posts

Previous Post | Next Post

NewsBits

The Pirate Bay Isn’t Down Completely, Just Having a Few Issues

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

The Pirate Bay Moves to .SX as Prosecutor Files Motion to Seize Domains

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed