Home
Laptops
Laptops News
Windows Security Flaw Lets Hackers Install Malicious Apps: Report

Windows Security Flaw Lets Hackers Install Malicious Apps: Report

By Ketan Pratap | Updated: 25 April 2016 17:27 IST

Highlights

Researcher used Regsvr32 to bypass AppLocker's whitelisting protections.
Microsoft is yet to comment on the flaw discovered in AppLocker.
The AppLocker protection feature was introduced in Windows 7.

Microsoft introduced the AppLocker feature in Windows 7, providing company administrators with the ability to whitelist and blacklist apps, ensuring that risk-laden apps are kept of the enterprise's networks. A researcher has however discovered a flaw in Windows AppLocker that lets hackers bypass the protection, and install any app they want.

Discovered by security researcher Casey Smith, the flaw allows hackers to use the Regsvr32.eve to install the app, by directing it to a hosted file or script. The app or script can then be installed, without administrator access or even modifying the registry - making it very difficult to reverse changes or monitor unauthorised use. The flaw, which could result in the PC installing malicious apps despite having Windows AppLocker, can be exploited in business editions of Windows 7 and higher.

"The amazing thing here is that regsvr32 is already proxy aware, uses TLS, follows redirects, etc...And.. You guessed a signed, default MS binary," wrote Smith while explaining the flaw in a blog post.

The Colorado-based Casey Smith also posted proof of concept scripts on GitHub to show the vulnerability.

Microsoft is yet to comment on the vulnerability and or release a patch for its Windows AppLocker. In the meanwhile, Eric Rand of Brown Hat Security (https://brownhatsecurity.com/mitigation-for-whitelisting-bypass-using-regsvr32-white-register.html ) has mitigation and suggests blocking Internet access of the Regsvr32.exe and Regsvr64.exe apps via Windows Firewall. He says, "There is at this time no patch available, but mitigation is possible via the Windows Firewall. Block %systemroot%\System32\regsvr32.exe and %systemroot%\SysWoW64\regsvr32.exe from network access and the largest threat surface will be mitigated."

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Microsoft, Regsvr32, Windows, Windows AppLocker

Ketan Pratap

Email Ketan

Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More

Companies Eye Partnership to Counter Low Growth: Report

Lenovo Vibe S1 Price Slashed in India

Windows Security Flaw Lets Hackers Install Malicious Apps: Report

Related Stories