Exploit gets around Windows' app security safeguards

Microsoft's AppLocker is defenseless if you point to a remote file.

Reuters/Mike Segar

For years, business-focused versions of Windows have had an AppLocker feature that lets you blacklist or whitelist apps. It's undoubtedly helpful for companies eager to keep malware (or just risky software) off their network. However, researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for. It's stealthy, too, as it doesn't require administrator access or give itself away through registry changes.

There isn't a known patch for the flaw yet, but we've asked Microsoft for comment and will let you know if it has something to say. In the meantime, there is a stopgap. Eric Rand suggests telling Windows Firewall to block Regsvr32, which prevents it from accessing online files. While that's not very convenient if you have a whole office's worth of PCs to protect, it beats the alternative.