{"description": "Enterprise techniques mitigated by Restrict Library Loading, ATT&CK mitigation M1044 (v1.1)", "name": "Restrict Library Loading (M1044)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1547", "showSubtechniques": true}, {"techniqueID": "T1547.008", "comment": "Ensure safe DLL search mode is enabled HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\SafeDllSearchMode to mitigate risk that lsass.exe loads a malicious code library. (Citation: Microsoft DLL Security)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1574", "comment": "Disallow loading of remote DLLs. This is included by default in Windows Server 2012+ and is available by patch for XP+ and Server 2003+.\n\nEnable Safe DLL Search Mode to force search for system DLLs in directories with greater restrictions (e.g. %SYSTEMROOT%) to be used before local directory DLLs (e.g. a user's home directory)\n\nThe Safe DLL Search Mode can be enabled via Group Policy at Computer Configuration > [Policies] > Administrative Templates > MSS (Legacy): MSS: (SafeDllSearchMode) Enable Safe DLL search mode. The associated Windows Registry key for this is located at HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SafeDLLSearchMode(Citation: Microsoft More information about DLL)(Citation: Microsoft Dynamic Link Library Search Order)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1574.001", "comment": "Disallow loading of remote DLLs. This is included by default in Windows Server 2012+ and is available by patch for XP+ and Server 2003+.(Citation: Microsoft More information about DLL)\n\nEnable Safe DLL Search Mode to move the user's current folder later in the search order. This is included by default in modern versions of Windows; the associated Windows Registry key is located at HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SafeDLLSearchMode.(Citation: Microsoft Dynamic Link Library Search Order)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Restrict Library Loading", "color": "#66b1ff"}]}