A DLL-preloading remote attack can occur, Microsoft said, when a user double-clicks a malicious file and specifically allows it to run outside of the default MSIE protected mode. The issue was first publicized by Microsoft on Aug. 23 in Security Advisory 2269637, and it can affect all versions of Windows 7, Windows Vista and Windows XP.
Of course, an unknown percentage of Windows 7 and Vista users have protected mode disabled. And since these are the users most likely to download and try unknown software, they are the ones most likely to infect themselves.
Microsoft said, “When an application dynamically loads a DLL without specifying a fully qualified path name, Windows tries to locate this DLL by searching through a well-defined set of directories.” Obviously, by specifying fully qualified paths for all DLLs your applications load, you can spare your users this bit of potential grief.
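As an added illustration of that advice (this code is not from Microsoft's advisory or from this article), the C sketch below checks whether a string passed to a DLL load call is fully qualified, and builds the full path for a system DLL before loading it. The helper names `is_fully_qualified_dll_path` and `load_system_dll` and the sample paths are hypothetical; the Win32 part compiles only on Windows.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Returns 1 only for a drive-absolute path such as C:\dir\name.dll.
 * Bare names, relative and drive-relative (C:name.dll) paths, and any
 * path containing ".." are rejected. UNC paths are rejected as a policy
 * choice of this example (an assumption, not something the page states). */
int is_fully_qualified_dll_path(const char *p)
{
    if (p == NULL || strlen(p) < 4) return 0;
    if (!isalpha((unsigned char)p[0]) || p[1] != ':') return 0;
    if (p[2] != '\\' && p[2] != '/') return 0;
    return strstr(p, "..") == NULL;
}

#ifdef _WIN32
/* Loads a DLL that ships in the Windows system directory by building the
 * full path first, so the loader does not search for this DLL by name. */
HMODULE load_system_dll(const char *bare_name)
{
    char path[MAX_PATH];
    UINT n = GetSystemDirectoryA(path, MAX_PATH);
    if (bare_name == NULL || n == 0 || n >= MAX_PATH ||
        strpbrk(bare_name, "\\/:") != NULL) return NULL;
    if (n + 1 + strlen(bare_name) >= MAX_PATH) return NULL;
    path[n] = '\\';
    strcpy(path + n + 1, bare_name);
    if (!is_fully_qualified_dll_path(path)) return NULL;
    return LoadLibraryA(path);
}
#endif

int main(void)
{
    /* Constructed sample inputs: arguments an audit of DLL load calls
     * would accept, or flag because Windows would search for them. */
    const char *samples[] = { "helper.dll", "plugins\\helper.dll",
                              "C:helper.dll", "\\\\host\\share\\helper.dll",
                              "C:\\Windows\\System32\\version.dll" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i],
               is_fully_qualified_dll_path(samples[i]) ? "qualified" : "SEARCHED");
    return 0;
}
```

A full path pins only the DLL named in the call; any DLLs that it imports are still resolved by the loader's normal search.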
You can protect your own and your coworkers’ Windows machines from this attack by going here and following the instructions.