作者:axis
今天是MS的Patch Tuesday,比较吸引眼球的就是MS08-052,MS08-055等
TK教主老师首先在blog上分析了08-052的危险性,看上去确实很有潜力啊!
不过之后看到SWI写一篇关于08-052的blog里,提到MS08-052的patch有对winsxs文件夹做策略控制,让应用程序只会去加载更新过的gdiplus.dll。
winsxs是MS用来做dll的版本控制的一个东西
The purpose of the WinSxS cache is to keep old versions of assemblies around in case an application requires a specific version, and doesn’t want newer versions. It’s implemented as a folder under %windir% called winsxs. In that folder, you’ll find a subfolder for each version of each assembly that’s managed by the WinSxS cache, with a copy of the assembly in each folder. When an application tries to load a DLL that’s managed by the WinSxS cache, Windows checks to see if that application has a manifest specifying which version of the DLL it wants. If that information doesn’t exist, the application gets the default version of that DLL.
即使应用程序使用了老版本的gdiplus.dll,但是系统也会去加载更新后的gdiplus.dll
After you install the update, clearly you don’t want any application to be able to load one of the old versions that will still be present in the WinSxS cache. That’s why the update includes a WinSxS policy rule that instructs Windows to ignore requests for versions of gdiplus.dll older than the updated one, and to supply the updated one to those applications instead. This is a feature of the WinSxS cache designed for exactly this sort of situation.
如果真的是这样,那QQ等应用程序就可以不去更新gdiplus.dll 了,省了不少事情,毕竟大面积更新安全补丁对厂商来说是非常痛苦的一件事情。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论