Microsoft have released a software tool to protect PCs against a critical class of vulnerabilities present in more than 100 applications from a variety of companies.
The Fixit only works on machines that have already installed the workaround published by Microsoft last week. It is intended to make that workaround easier to use, allowing the fine tuning of a number of settings so that compatibility with applications is preserved.
The DLL hijacking threat derives from Windows' default behaviour when loading dynamic-link library (DLL) files for applications running on top of the OS. If an attacker can set the current working directory to one they control, it's then possible for them to force the OS to load a malicious file. Applications that have been identified as vulnerable include Mozilla Firefox, Thunderbird, PowerPoint, Outlook 2002, Opera and Nvidia graphics hardware.
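The setting the Fixit tunes is a registry value from Microsoft's published workaround (KB2264107). The following is an added example, not the article's or Microsoft's own code, that audits that value machine-wide and per application and can apply it; it assumes the value name and key paths from that KB and an elevated PowerShell session on a machine with the update installed.

```powershell
# Added example, not from the article or from Microsoft's Fixit: audits (and can set) the
# CWDIllegalInDllSearch registry value that Microsoft's published workaround (KB2264107)
# introduces and the Fixit drives. Meanings as documented there:
#   0xFFFFFFFF  current working directory removed from the DLL search order entirely
#   2           CWD DLL loads blocked when the CWD is a remote folder (WebDAV or UNC)
#   1           CWD DLL loads blocked only when the CWD is a WebDAV folder
#   0 / absent  default: DLLs may be loaded from the CWD (the hijack window stays open)
# Assumptions: elevated PowerShell on a machine that already has the update installed.
$GlobalKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ValueName = 'CWDIllegalInDllSearch'

function Describe-CwdDllSetting([object]$Value) {
    if ($null -eq $Value) { return 'absent: CWD is searched (default, exposed)' }
    switch ($Value) {
        0 { '0: CWD is searched (default, exposed)'; break }
        1 { '1: CWD blocked when it is a WebDAV folder'; break }
        2 { '2: CWD blocked when it is a remote (WebDAV/UNC) folder'; break }
        { $_ -eq -1 -or $_ -eq 0xFFFFFFFF } { '0xFFFFFFFF: CWD removed from DLL search order'; break }
        default { "unrecognised value $Value" }
    }
}

# Report the machine-wide setting and any per-application overrides (the "fine tuning"
# the Fixit exposes: an app that breaks under the global value can carry its own, e.g. 0).
function Get-CwdDllPolicy {
    $global = (Get-ItemProperty -Path $GlobalKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    "Machine-wide: $(Describe-CwdDllSetting $global)"
    Get-ChildItem -Path $IfeoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $v = (Get-ItemProperty -Path $_.PSPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        if ($null -ne $v) { "Override for $($_.PSChildName): $(Describe-CwdDllSetting $v)" }
    }
}

# Apply a setting machine-wide, or for one executable only when -Application is given.
# Pass -1 to store the DWORD 0xFFFFFFFF (PowerShell reads REG_DWORD back as a signed Int32).
function Set-CwdDllPolicy([int]$Value, [string]$Application) {
    $path = if ($Application) { Join-Path $IfeoKey $Application } else { $GlobalKey }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $ValueName -Value $Value -PropertyType DWord -Force | Out-Null
    "$path\$ValueName = $(Describe-CwdDllSetting $Value)"
}

Get-CwdDllPolicy
# Set-CwdDllPolicy -Value 2                              # block CWD loads from remote shares
# Set-CwdDllPolicy -Value 0 -Application 'legacy.exe'   # hypothetical app that needs the default
```

Run the audit first on a test machine; a per-application override of 0 re-opens the exposure for that executable only, which is the trade-off the Fixit's compatibility settings make.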
Mozilla have not yet commented on the situation, nor have Microsoft confirmed which of its applications are vulnerable.
Jonathan Ness and Maarten Van Horenbeeck of MSRC have confirmed that the vulnerability doesn't allow drive-by attacks via malicious websites, but is nonetheless a real threat, particularly for those working with Windows file sharing and other advanced networking options. The pair wrote:
"Unfortunately, based on attack patterns we have seen in recent years, we believe it is no longer safe to browse to a malicious, untrusted WebDAV server in the Internet Zone and double-click on any type of files. We recommend users only double-click on file icons from WebDAV shares known to be trusted, safe, and not under the control of a malicious attacker."
