A newly discovered security flaw allows users to get around this on business editions of Windows (Windows 7 and up) by using Regsvr32. You can point it to a remotely hosted file or script to run any app you want on your system.
“We're hunting for awesome startups”
Run an early-stage company? We're inviting 250 to exhibit at TNW Conference and pitch on stage!
That exposes PCs to the danger of running malicious software even if AppLocker is installed. And as it doesn’t require administrator access or alter the system registry, it’s hard to trace.
The vulnerability was discovered last week by Colorado-based Casey Smith, who blogged about his findings and published proof-of-concept scripts to demonstrate it on GitHub.
Microsoft is yet to issue a patch to fix this. CSO notes that for the time being, you can disable Regsvr32.exe and Regsvr64.exe’s network awareness using Windows Firewall.
We’ve contacted Microsoft and will update this post when we hear back.