Microsoft is yet to comment on the vulnerability and or release a patch for its Windows AppLocker. The Colorado-based Casey Smith also posted proof of concept scripts on GitHub to show the vulnerability. You guessed a signed, default MS binary," wrote Smith while explaining the flaw in a blog post. "The amazing thing here is that regsvr32 is already proxy aware, uses TLS, follows redirects, etc.And. The flaw, which could result in the PC installing malicious apps despite having Windows AppLocker, can be exploited in business editions of Windows 7 and higher. The app or script can then be installed, without administrator access or even modifying the registry - making it very difficult to reverse changes or monitor unauthorised use.
A researcher has however discovered a flaw in Windows AppLocker that lets hackers bypass the protection, and install any app they want.ĭiscovered by security researcher Casey Smith, the flaw allows hackers to use the Regsvr32.eve to install the app, by directing it to a hosted file or script. Microsoft introduced the AppLocker feature in Windows 7, providing company administrators with the ability to whitelist and blacklist apps, ensuring that risk-laden apps are kept of the enterprise's networks.
0 kommentar(er)
