A researcher has found a Windows flaw that centres around the Applocker. Applocker is a feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.
Today’s organizations face a number of challenges in controlling application execution, including the following:
Which applications should a user have access to run?
Which users should be allowed to install new software?
Which versions of applications should be allowed?
How are licensed applications controlled?
Put simply with this tool, only apps you allow will open but now an American researcher Casey Smith says by using Regsvr32, you can point it to a remotely hosted file (such as a script), you can make a system run whichever app you want — just what hackers and virus writers are looking for. It’s stealthy, too, as it doesn’t require administrator access or give itself away through registry changes.
Smith has even gone further to publish a proof-of-concept script on GitHub.
In the meantime though until Microsoft can issue a permanent fix, you can disable Regsvr32.exe and Regsvr64.exe’s access to network from Windows Firewall.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
