Impact of Microsoft Security Advisory (2269637) on .NET coding

Question

Microsoft released Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution.

The note refers to a tool that will help to detect this problem and programming guidelines on Dynamic-Link Library Security.

How do these guidelines translate to .NET development? I assume this only affects Platform Invoke.

Does this remain the recommended way to import system libraries?

DllImport("user32.dll")]

Answer 1

System DLLs like user32.dll are safe because they're in the KnownDLLs list in the registry. If you try to load a DLL called "user32", Windows is hard-coded to take the official copy from the system32 directory.

Answer 2

From that page:

Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability.

and

This issue only affects applications that do not load external libraries securely. Microsoft has previously published guidelines for developers in the MSDN article, Dynamic-Link Library Security, that recommend alternate methods to load libraries that are safe against these attacks.

You link to the same page in your question, so as long as you follow the guidelines outlined on that page your application should be secure. The notes about safe process search mode and the order of searching directories seem to be particularly relevant.