question

VishnuGopalakrishnan-8317 avatar image
0 Votes"
VishnuGopalakrishnan-8317 asked RLWA32-6355 commented

Impact of uiaccess = true on dlls?

We are planning to update an Exe to uiaccess = true and moving to the secure location.

a. Is it required to move the dependent dlls too?
b. Did we need to sign and create uiaccess = true manifest for these GUI dlls?

windows-wpfwindows-10-securitywindows-api-generalwindows-app-sdk-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

RLWA32-6355 avatar image
0 Votes"
RLWA32-6355 answered RLWA32-6355 commented

a. Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.

b. uiaccess = true relates to a process. It has no meaning for a DLL. In my quick and dirty test on Win 10 21H1 the system permitted loading an unsigned dll into a UIAccess enabled process.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for the quick reply.

Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.

What we observed that the startup linked dlls should be in the secure location. But the runtime loaded dlls are not mandatory. Is any idea on this?
0 Votes 0 ·
RLWA32-6355 avatar image RLWA32-6355 VishnuGopalakrishnan-8317 ·

Any dependent DLL (load-time linkage) located in the dynamic-link-library-search-order will be loaded into the UIAccess process at process start-up. And loading DLLs with LoadLibrary(Ex) at run-time from an insecure location is counter to the objective of securing the UIAccess application.



0 Votes 0 ·