MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution

Nessus Output

  • ntdll.dll has been upgraded by KB2264107 or a related, subsequent update,
    but the following registry entry has not been set :
    
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch

Implement registry key

Use the default DLL search path (set it to 0)

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /f /v CWDIllegalInDllSearch  /t REG_DWORD /d 0x0

Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder  (set it to 1)

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /f /v CWDIllegalInDllSearch  /t REG_DWORD /d 0x1

Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location) (set it to 2)

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /f /v CWDIllegalInDllSearch  /t REG_DWORD /d 0x2

References: