DLL Sideloading Attack possible with Non privileged user for .net 7 WinUI3 Windows single exe file (self-contained)

Byoungtaek Min 25 Reputation points
2024-08-13T04:29:28.43+00:00

The .net 7 WinUI3 Windows application single executable file (exe) is prone to DLL Side loading attacks to non privileged users(nomraml users).

I published a .net 7 Windows application as single exe file, self-contained.

When I ran this exe, MSASN1.dll is loaded first before the entry of the app even if I did not use DLLImport anywhere in the code, so I couldn't prevent to load it by adding "SetDefaultDllDirectories" at the OnLaunched of app.xaml.cs.

Is this a design of .net self-contained app?

Or is there any method to prevent loading MSASN1.dll by implementing c# codes?

Please refer to the screenshot of Process Monitor.exe.

Thanks.

BR,

ProcessMonitorForMSASN1

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,921 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,166 questions
0 comments No comments
{count} vote

Accepted answer
  1. Jiachen Li-MSFT 32,376 Reputation points Microsoft Vendor
    2024-08-13T07:45:40.97+00:00

    Hi @Byoungtaek Min ,

    Since MSASN1.dll is likely loaded by the .NET runtime or a system-level component, it is difficult to prevent its loading through application code alone. The SetDefaultDllDirectories function you’ve tried to use is intended to control the directories searched for DLLs, but it doesn’t prevent DLLs from being loaded if they are required by the runtime or the operating system.

    If your concern is about DLL side-loading attacks, ensure that your application is running in a secure environment where untrusted DLLs cannot be placed in directories that are searched by the system. You can also consider using features like Windows Defender Application Control (WDAC) to enforce rules about which DLLs can be loaded by your application.

    Best Regards.

    Jiachen Li


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.