Microsoft Windows 11
cpe:2.3:o:microsoft:windows_11:*:*:*:*:*:*:*
- >= 22H2, < 24H2
A DLL hijacking vulnerability has been identified in all PE32 executables running on Windows 11 versions 22H2 and 23H2 for ARM64 CPUs. This vulnerability allows an attacker to execute code by placing a malicious DLL in the same directory as the executable. Affected versions of Windows 11 for ARM load Base DLLs from the application directory with higher priority than from the Windows installation directories, creating an opportunity for hijacking. This issue is present in all versions of Windows 11 for ARM prior to the 24H2 release.
Exploitation of this vulnerability allows for arbitrary code execution by hijacking Base operating system DLLs.
Users should update to Windows 11 24H2 when possible. It is also recommended to move installers to a clean directory before running them. Software vendors should distribute installers as compressed archives to ensure they are extracted to a clean directory.
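The clean-directory advice above can be scripted as follows; this is an added example, not code from the advisory or from Microsoft. It assumes that the DLL names in the Windows system directory approximate the "Base DLLs" set (the advisory does not list them), and the function names are hypothetical.

```python
import os
import shutil
import sys
import tempfile
from pathlib import Path


def system_dll_names(system_dir):
    """Lower-cased names of the DLLs present in the given system directory."""
    return {p.name.lower() for p in Path(system_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(app_dir, system_dir):
    """DLLs next to an executable whose names collide with a system DLL.

    Windows file names are case-insensitive, so names are compared lower-cased.
    """
    known = system_dll_names(system_dir)
    return sorted(p.name for p in Path(app_dir).iterdir()
                  if p.is_file()
                  and p.suffix.lower() == ".dll"
                  and p.name.lower() in known)


def stage_in_clean_dir(installer):
    """Copy only the installer into a newly created, empty directory."""
    clean = Path(tempfile.mkdtemp(prefix="clean-install-"))
    return Path(shutil.copy2(installer, clean))


if __name__ == "__main__":
    installer = Path(sys.argv[1])
    # Assumption: %SystemRoot%\System32 stands in for the "Base DLLs" set.
    sysdir = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    hits = find_shadowing_dlls(installer.parent, sysdir)
    if hits:
        print("DLLs beside the installer that shadow system DLL names:", hits)
    print("Run the staged copy instead:", stage_in_clean_dir(installer))
```

A non-empty result from `find_shadowing_dlls` on a downloads folder is worth investigating in its own right, since legitimate installers rarely ship with copies of system DLLs beside them.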