Hello all.
We were able to hijack a EXE installer created with Advanced Installer 16.2 on Windows 7 Service Pack 1 (32bit) when users computer does not have newest windows security updates installed, let's say that user does not update it's computer. (KB3147071 security update fixes this issue).
We received a security incident because of this that we need to resolve as soon as possible.
We could install that windows security update as prerequisite, but dll hijacking occurs before prerequisite install.
The question is can we configure our Advanced installer to search for dll files only from windows directories? Or maybe any other ideas to prevent hjacking ?
Thanks for answers.
Suggested Articles
Re: Dll hijacking exe
Hello,
Can you confirm that your installer setup filename is different than setup.exe?
Starting with Advanced Installer 12.7 we included a security fix for the dll hijacking issue, but to get this working you should make sure your setup filename is different than setup.exe.
All the best,
Daniel
Can you confirm that your installer setup filename is different than setup.exe?
Starting with Advanced Installer 12.7 we included a security fix for the dll hijacking issue, but to get this working you should make sure your setup filename is different than setup.exe.
All the best,
Daniel