Impact of uiaccess = true on dlls?

Question

question

VishnuGopalakrishnan-8317 asked Sep 29, '21 RLWA32-6355 commented Sep 30, '21

Impact of uiaccess = true on dlls?

We are planning to update an Exe to uiaccess = true and moving to the secure location.

a. Is it required to move the dependent dlls too?
b. Did we need to sign and create uiaccess = true manifest for these GUI dlls?

windows-wpf windows-api windows-10-security windows-app-sdk

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2021-09-29T14:48:58.197Z

RLWA32-6355 answered Sep 29, '21 RLWA32-6355 commented Sep 30, '21

a. Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.

b. uiaccess = true relates to a process. It has no meaning for a DLL. In my quick and dirty test on Win 10 21H1 the system permitted loading an unsigned dll into a UIAccess enabled process.

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VishnuGopalakrishnan-8317 · Sep 30, 2021 at 03:48 AM

Thank you for the quick reply.

Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.

What we observed that the startup linked dlls should be in the secure location. But the runtime loaded dlls are not mandatory. Is any idea on this?

0 ·

RLWA32-6355 VishnuGopalakrishnan-8317 · Sep 30, 2021 at 08:23 AM

Any dependent DLL (load-time linkage) located in the dynamic-link-library-search-order will be loaded into the UIAccess process at process start-up. And loading DLLs with LoadLibrary(Ex) at run-time from an insecure location is counter to the objective of securing the UIAccess application.

0 ·

question