A software developer is concerned about DLL hijacking in an application being written.
Which of the following is the MOST viable mitigation measure for this type of attack?
A. B. C. D.B.
DLL (Dynamic Link Library) hijacking is a type of attack where an attacker takes advantage of a vulnerability in an application to replace a legitimate DLL file with a malicious one. When the application runs, it loads the malicious DLL instead of the legitimate one, giving the attacker control over the system.
To mitigate DLL hijacking attacks in an application, the most viable measure is to ensure that the application only loads legitimate DLL files. The following options are possible solutions to mitigate DLL hijacking:
A. The DLL of each application should be set individually: This approach may work, but it is not the most viable solution. Manually configuring each application to load only legitimate DLLs can be time-consuming and prone to error. Also, it may not be practical for applications with a large number of DLL dependencies.
B. All calls to different DLLs should be hard-coded in the application: This approach is not recommended as it can make the application inflexible and difficult to maintain. If a DLL needs to be updated or replaced, the application code would need to be changed, compiled, and redeployed. Hard-coding DLL calls can also make the application more vulnerable to attacks if the DLL is later found to be vulnerable.
C. Access to DLLs from the Windows registry should be disabled: This is a viable solution as it prevents the application from loading DLL files from a location other than the intended one. Disabling access to DLLs from the Windows registry can be done using Group Policy settings or by configuring application manifest files.
D. The affected DLLs should be renamed to avoid future hijacking: Renaming affected DLLs can be a temporary solution, but it does not address the root cause of the problem. Attackers can still find and exploit other vulnerabilities in the application to hijack the renamed DLLs or other DLLs with similar functionality.
Therefore, option C is the most viable solution to mitigate DLL hijacking attacks in an application. By disabling access to DLLs from the Windows registry, the application can only load DLLs from the intended location, which reduces the risk of DLL hijacking.
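One way for an application to make sure it only loads legitimate DLL files from the intended location, shown as an added example that is not part of the original explanation. The single trusted directory, the file name `helper.dll` and the pinned SHA-256 allow-list are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


class UntrustedLibrary(Exception):
    """Raised when a requested DLL cannot be resolved to a trusted, pinned file."""


def resolve_trusted_dll(name, trusted_dir, pinned_sha256):
    """Return the absolute path of `name` inside `trusted_dir`, or raise.

    name          -- bare file name such as "helper.dll" (hypothetical)
    trusted_dir   -- the one directory the application ships its DLLs in
    pinned_sha256 -- dict: lower-case file name -> expected SHA-256 hex digest
    """
    # Only a bare file name is accepted: separators, drive prefixes or ".."
    # would let the request escape the trusted directory.
    if not name or name in (".", "..") or any(c in name for c in "/\\:"):
        raise UntrustedLibrary(f"not a bare file name: {name!r}")

    expected = pinned_sha256.get(name.lower())
    if expected is None:
        raise UntrustedLibrary(f"{name} is not on the allow-list")

    base = Path(trusted_dir).resolve()
    candidate = (base / name).resolve()
    # resolve() follows links, so a link pointing outside `base` fails here.
    if candidate.parent != base or not candidate.is_file():
        raise UntrustedLibrary(f"{name} not found in {base}")

    digest = hashlib.sha256(candidate.read_bytes()).hexdigest()
    if digest != expected.lower():
        raise UntrustedLibrary(f"{name} does not match its pinned hash")
    return str(candidate)  # hand this full path to the loader, never the bare name


if __name__ == "__main__":
    # Constructed sample data: a stand-in file, not a real DLL.
    app_dir = tempfile.mkdtemp()
    content = b"constructed sample bytes"
    Path(app_dir, "helper.dll").write_bytes(content)
    pins = {"helper.dll": hashlib.sha256(content).hexdigest()}
    print(resolve_trusted_dll("helper.dll", app_dir, pins))
    try:
        resolve_trusted_dll(os.path.join("..", "helper.dll"), app_dir, pins)
    except UntrustedLibrary as exc:
        print("rejected:", exc)
```

The check only holds if the trusted directory is not writable by unprivileged users; otherwise the file can be swapped between the hash check and the load.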