What is a Dynamic Link Library?

A dynamic link library is a system used by Microsoft to allow multiple applications to access the same section of code in Windows® at the same time. This is one of the keys to multitasking working effectively. In 2010, security researchers discovered that loophole in the way the dynamic link library system worked could be exploited by hackers. This led to a dilemma over how to fix it without affecting the usability of applications.

To understand the way a dynamic link library works, it's important to understand the difference between Windows® and software applications. Windows® is an operating system that exists largely to coordinate the way individual applications, also known as programs, access the computer's processing abilities. Windows® itself is ultimately a set of computer codes that effectively acts as the rulebook or guide for how applications interact with each other and with the hardware.

The dynamic link library is the system by which applications can access and run individual sections of Windows® code. One example would be the section of Windows® responsible for printing documents. Most applications need to access this feature at some point, but if every application loaded the relevant code into the computer's memory as soon as the application began running, it would be an inefficient use of resources and could cause conflicts.

To resolve this, the Windows® code for a particular function, in this case printing, is stored as a small program known as a dynamic link library or DLL file. If a user runs an application such as a word processor, this file is not automatically opened. Instead, the word processor only opens and activates the file as and when it is needed, in this case when the user wants to print a document.

Historically, many application developers simply wrote code that said what the name of the relevant dynamic link library was called, rather than specifying exactly where it should be located on the computer. To get around this, Windows® has a set system for locating missing DLL files by searching a set list of locations in a defined order. While this could theoretically be exploited if a malicious file disguised as a DLL file was put in the right place and thus found and opened before the legitimate file, this was not considered a major security risk as hackers would need physical access to a machine to get the malicious file in place.

In 2010, it was discovered that hackers could theoretically get such files in place via a remote connection: that is, over the Internet. This meant dozens of Windows® applications were vulnerable to attacks using this method. The security community was divided as to whether it was better for individual applications to be rewritten to specify the location of the legitimate DLL file, which relied on each developer taking action, or for Microsoft to change the way Windows® deals with such files, which could potentially cause applications to stop working properly.