New users who want to read up on it can open our coverage of the issue, or Microsoft’s Security Advisory. Both offer a deeper explanation and workarounds for the issue.

The free software DLLHiJackAuditor has been designed to test software for the vulnerability. The portable program can audit any 32-bit Windows application.

The program is dead easy to use. Users need to select an application from the computer system first before they click on the start audit button to test the application.

dll hijack vulnerability

The portable software will automatically load the application, and terminate it. It will uncover any vulnerable DLLs that are found during the audit, and report those back to the user of the program.

The Exploit button becomes active if a vulnerable DLL has been found in the selected software.

Finally, it is possible to create a HTML report of the findings, which contains detailed technical information that the developer of the vulnerable application can use to fix the issue.

DLL Hijack Audit does not require any third party tools to function properly. It has in addition been designed in a way that it does not trigger antivirus or security software on the system. Finally, the program require no special privileges for auditing applications, with the exception if the target executable does).

The software program is available for download at the developer website over at SecurityXploded. The tool can be useful for software developers, and users who want to make sure that the programs they run on their system are not affected by the security issue.

I discovered the software Windows Vulnerability Scanner at Tech Malaya which scans a Windows NT system, that is Windows 2000, Windows XP, Windows 2003 Server or Windows Vista for security vulnerabilities. It seems to use information from the Microsoft Knowledgebase exclusively and one would assume that a system that downloaded all Windows Updates recently reveal no vulnerabilities. I let the software scan my system and it did find six critical and one important security vulnerability that had not been patched yet.

I’m not sure how this can be but was glad that the application revealed the information to me. It lists the vulnerabilities and provides links to the Microsoft website that contains information about it.

The Knowledgebase article at Microsoft contains a link to the download of the security patch and I did install all the patches one after the other. An improvement would have been if the software would automatically download the patches and install them on the system, or at least those that the user selects. If you have not been to Windows Update for a while I suggest you start there and scan the system again afterwards which should fix most of the security vulnerabilities found during the first scan.

Update: The developer website does not seem to be available anymore. You can download the latest version of Windows Vulnerability Scanner from software repositories such as Freeware Files. Just download the program from there and use it normally. Keep in mind though that it is not clear at this point in time if development has stopped or is still ongoing.