New Exploit Bypasses Windows AppLocker
A new Windows vulnerability allows attackers to install any application on Windows systems, bypassing AppLocker. AppLocker is a feature of Windows 7 and Windows Server 2008 R2 that allows admins to manage application access to users. This serious flaw targets business users and not just home users, and it affects the latest Windows 10 systems, as well as earlier versions of Windows going all the way back to Windows 7.
The vulnerability was accidentally discovered by Casey Smith, who realized that the Windows command-line utility Regsvr32 can be exploited to bypass AppLocker by registering and unregistering DLLs. Because this method doesn’t touch the system registry, system admins won't find any trace of changes to the system.
Microsoft has not yet released a fix for the vulnerability; however, users can mitigate it by blocking Regsvr from the Windows Firewall.
Related content
-
News for Admins
News for system administrators around the world. -
Fight Windows ransomware with on-board tools
Ransomware defense involves two strategies: identifying attacks and slowing the attackers to mitigate their effects. - Windows 10 Pro Loses Critical Features
-
PowerShell add-on security modules
Numerous PowerShell add-on modules provide security and attack functions for penetration tests and forensic analyses, to help admins search for vulnerabilities in their networks. -
Reducing your attack surface
Windows Defender Application Control protects systems against threats that traditional virus scanners and signature-based mechanisms cannot detect by restricting applications in the user context and reducing the code allowed in the system kernel.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
