Windows 10 Pro Loses Critical Features

Business customers running Windows 10 Pro will no longer be able to use the Group Policy feature to restrict employees from accessing the Windows Store. Microsoft made this change last month with the upgrade to version 1511 of Windows 10. After this upgrade, users can't disable Windows Store access through Group Policy. According to Microsoft's support page, "This behavior is by design. In Windows 10 version 1511, these policies are applicable to users of the Enterprise and Education editions only."

A Microsoft spokesperson told ZDNet "Windows 10 Pro offers a subset of those capabilities and is recommended for small and mid-size businesses looking for some management controls, but not the full suite necessary for IT pros at larger enterprises."

Businesses need tighter control over their systems, and Microsoft is encouraging enterprise customers to use the Windows 10 Enterprise edition, which lets customers restrict access to the Windows Store through AppLocker or Group Policy.

JBoss Vulnerability Could Lead to SamSam Ransomware

Researchers at Cisco Talos found a vulnerability in JBoss that can be exploited by SamSam ransomware. Cisco Talos said in a blog post, "As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2,100 backdoors installed across nearly 1,600 IP addresses." The research firm says they estimate over 3.2 million machines are at risk.

SamSam is distributed through compromised servers and then holds victim systems for ransom. Attackers are using the JexBoss open source tool to test and then exploit JBoss application servers. Once they gain access to the network, they start encrypting Windows systems using SamSam.

Cisco Talos suggests that if your server is vulnerable, the first piece of advice is to remove external access to the server. "Ideally, you would also re-image the system and install updated versions of the software," the firm said in the blog post.

New Exploit Bypasses Windows AppLocker

A new Windows vulnerability allows attackers to install any application on Windows systems, bypassing AppLocker. AppLocker is a feature of Windows 7 and Windows Server 2008 R2 that allows admins to manage application access to users. This serious flaw targets business users and not just home users, and it affects the latest Windows 10 systems, as well as earlier versions of Windows going all the way back to Windows 7.

The vulnerability was accidentally discovered by Casey Smith, who realized that the Windows command-line utility Regsvr32 can be exploited to bypass AppLocker by registering and unregistering DLLs. Because this method doesn't touch the system registry, system admins won't find any trace of changes to the system.

Microsoft has not yet released a fix for the vulnerability; however, users can mitigate it by blocking Regsvr from the Windows Firewall.