Windows security flaw lets hackers run any app on PCs, no admin rights necessary


If you think your network of Windows computers is safe from malware because you’ve set up AppLocker to whitelist only trusted apps, we have some bad news.

A newly discovered security flaw allows users to get around this on business editions of Windows (Windows 7 and up) by using Regsvr32. You can point it to a remotely hosted file or script to run any app you want on your system.

That exposes PCs to the danger of running malicious software even if AppLocker is installed. And as it doesn’t require administrator access or alter the system registry, it’s hard to trace.

The vulnerability was discovered last week by Colorado-based Casey Smith, who blogged about his findings and published proof-of-concept scripts to demonstrate it on GitHub.

Microsoft has yet to issue a patch to fix this. CSO notes that for the time being, you can disable Regsvr32.exe and Regsvr64.exe’s network awareness using Windows Firewall.
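One way to apply the firewall mitigation CSO describes, as an added example that is not from the original article, CSO or Microsoft. It assumes the binaries to block are the two copies of regsvr32.exe that a 64-bit Windows install ships (System32 and SysWOW64), uses rule names chosen here as arbitrary labels, and must be run from an elevated 64-bit PowerShell prompt.

```powershell
# Added example: outbound block rules for both copies of regsvr32.exe.
# Rule names are labels chosen for this example; netsh is used so the
# same script works on Windows 7 as well as newer releases.
$targets = @{
    'Block-regsvr32-outbound-System32' = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    'Block-regsvr32-outbound-SysWOW64' = Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe'
}

foreach ($name in $targets.Keys) {
    $path = $targets[$name]

    # SysWOW64 does not exist on 32-bit Windows; skip what is not there.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "Skipping $path (not present on this system)"
        continue
    }

    # netsh exits non-zero when no rule with this name exists,
    # which keeps the script safe to run repeatedly.
    & netsh advfirewall firewall show rule name=$name | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Rule already present: $name"
        continue
    }

    & netsh advfirewall firewall add rule name=$name dir=out action=block `
        program=$path enable=yes profile=any | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Failed to add outbound block rule for $path"
    }
    Write-Host "Added outbound block rule: $name -> $path"
}
```

The rules only take effect while Windows Firewall is enabled for the active profile, so confirm that with `netsh advfirewall show allprofiles state` after running it.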

We’ve contacted Microsoft and will update this post when we hear back.

via Engadget

Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files) on subTee
