
Image credit: Reuters/Mike Segar

Exploit gets around Windows' app security safeguards

Microsoft's AppLocker is defenseless if you point to a remote file.

For years, business-focused versions of Windows have had an AppLocker feature that lets you blacklist or whitelist apps. It's undoubtedly helpful for companies eager to keep malware (or just risky software) off their network. However, researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for. It's stealthy, too, as it doesn't require administrator access or give itself away through registry changes.

There isn't a known patch for the flaw yet, but we've asked Microsoft for comment and will let you know if it has something to say. In the meantime, there is a stopgap. Eric Rand suggests telling Windows Firewall to block Regsvr32, which prevents it from accessing online files. While that's not very convenient if you have a whole office's worth of PCs to protect, it beats the alternative.
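The stopgap described above, written as PowerShell for a single machine. This is an added example, not code from the article or from Eric Rand; the rule names are assumptions chosen here, and it must be run from an elevated session on a Windows version that ships the NetSecurity module.

```powershell
# Added example: outbound Windows Firewall block for regsvr32.exe.
# Run from an elevated PowerShell session (NetSecurity module required).

# Rule name prefix is an assumption chosen for this example.
$rulePrefix = 'Block regsvr32 outbound'

# 64-bit Windows carries two copies of the binary; block both so the
# 32-bit copy cannot be used to sidestep the rule.
$targets = @(
    @{ Label = 'System32'; Path = Join-Path $env:SystemRoot 'System32\regsvr32.exe' },
    @{ Label = 'SysWOW64'; Path = Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe' }
)

foreach ($t in $targets) {
    # SysWOW64 does not exist on 32-bit installs; skip missing binaries.
    if (-not (Test-Path -LiteralPath $t.Path)) {
        Write-Output "Skipping $($t.Path): not present on this system"
        continue
    }

    $name = "$rulePrefix ($($t.Label))"

    # Idempotent: do not create a duplicate if the rule already exists.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
        -Description 'Stopgap: prevent regsvr32.exe from fetching remote files' `
        -Direction Outbound -Program $t.Path -Action Block -Profile Any |
        Out-Null
    Write-Output "Created rule: $name"
}

# Verify: the rules should be listed as enabled, outbound, and set to Block.
Get-NetFirewallRule -DisplayName "$rulePrefix*" |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```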
