AppInit_DLLs in Windows 7 and Windows Server 2008 R2
- Clients - Windows 7
- Servers - Windows Server 2008 R2
- Severity - Low
- Frequency - Low
AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user-mode process on the system. Microsoft is modifying the AppInit_DLLs facility in Windows 7 and Windows Server 2008 R2 to add a new code-signing requirement. This will help improve system reliability and performance, as well as improve visibility into the origin of software.
Values stored under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key in the registry determine the behavior of the AppInit_DLLs infrastructure. The table below describes these registry values:
|Value|Description|Sample values|
|---|---|---|
|LoadAppInit_DLLs (REG_DWORD)|Globally enables or disables AppInit_DLLs.|0x0 – AppInit_DLLs are disabled. 0x1 – AppInit_DLLs are enabled.|
|AppInit_DLLs (REG_SZ)|Space or comma delimited list of DLLs to load. The complete path to the DLL should be specified using Short Names.|`C:\PROGRA~1\WID288~1\MICROS~1.DLL`|
|RequireSignedAppInit_DLLs (REG_DWORD)|Only load code-signed DLLs.|0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.|
Windows 7
All DLLs that are loaded by the AppInit_DLLs infrastructure should be code-signed. In the interests of application compatibility, the Windows 7 Operating System will load all AppInit DLLs, signed or not. However, Microsoft recommends that all application developers code-sign their DLLs to help improve the reliability of Windows and prepare for code-signing enforcement in future versions of Windows. The RequireSignedAppInit_DLLs registry value controls this behavior, and on Windows 7 it is set to 0 by default.
Windows Server 2008 R2
All DLLs that are loaded by the AppInit_DLLs infrastructure must be code-signed. The RequireSignedAppInit_DLLs registry value controls this behavior, and on Windows Server 2008 R2 it is set to 1 by default.
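
The following audit script is an added example, not part of the original page or Microsoft's own code: it reads the three registry values described in the table and reports, for each DLL listed in AppInit_DLLs, its Authenticode status and how the current settings treat it. The function names are hypothetical, and using `Get-AuthenticodeSignature` as a stand-in for the loader's own signature check is an assumption.

```powershell
# Added example. Registry path and value names are taken from the table above.
$AppInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'

function Split-AppInitList {
    # Hypothetical helper: AppInit_DLLs is a space- or comma-delimited list,
    # which is why entries are expected to use short (8.3) paths.
    param([string]$Value)
    return @($Value -split '[ ,]+' | Where-Object { $_ })
}

function Get-AppInitAudit {
    # Hypothetical helper: emits one result object per listed DLL.
    $p = Get-ItemProperty -Path $AppInitKey -ErrorAction Stop
    # A missing value casts to 0 and is treated here as "off".
    $enabled       = ([int]$p.LoadAppInit_DLLs) -eq 1
    $requireSigned = ([int]$p.RequireSignedAppInit_DLLs) -eq 1

    foreach ($dll in @(Split-AppInitList $p.AppInit_DLLs)) {
        if (Test-Path -LiteralPath $dll -PathType Leaf) {
            # Assumption: Authenticode status approximates the loader's check.
            $status = [string](Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            $status = 'FileNotFound'
        }

        if (-not $enabled) {
            $finding = 'Listed but not loaded: LoadAppInit_DLLs is 0'
        } elseif ($status -eq 'FileNotFound') {
            $finding = 'REVIEW: entry points to a missing file'
        } elseif ($status -eq 'Valid') {
            $finding = 'Loaded: validly signed'
        } elseif ($requireSigned) {
            $finding = 'Expected to be rejected: RequireSignedAppInit_DLLs is 1'
        } else {
            $finding = 'REVIEW: loaded without a valid signature'
        }

        New-Object PSObject -Property @{
            Path = $dll; Signature = $status; Finding = $finding
        }
    }
}

Get-AppInitAudit | Format-Table Path, Signature, Finding -AutoSize
```

Run it from a 64-bit PowerShell session on 64-bit systems; a 32-bit process is redirected to the Wow6432Node view of this key and would report a different list.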