
This article was published on April 25, 2016


Windows security flaw lets hackers run any app on PCs, no admin rights necessary



Story by Abhimanyu Ghoshal, Managing Editor

If you think your network of Windows computers is safe from malware because you’ve set up AppLocker to whitelist only trusted apps, we have some bad news.

A newly discovered security flaw allows users to get around this on business editions of Windows (Windows 7 and up) by using Regsvr32. You can point it to a remotely hosted file or script to run any app you want on your system.

That exposes PCs to the danger of running malicious software even if AppLocker is installed. And as it doesn’t require administrator access or alter the system registry, it’s hard to trace.

The vulnerability was discovered last week by Colorado-based Casey Smith, who blogged about his findings and published proof-of-concept scripts to demonstrate it on GitHub.

Microsoft has yet to issue a patch to fix this. CSO notes that for the time being, you can disable Regsvr32.exe and Regsvr64.exe’s network awareness using Windows Firewall.
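As an added example (not from this article or from CSO), the firewall workaround could be applied from an elevated PowerShell prompt as shown below. It assumes the binaries to block are the copies of regsvr32.exe under System32 and SysWOW64, and the rule names are made up for this example.

```powershell
# Added example: block outbound network access for regsvr32.exe using
# Windows Firewall. Run elevated. netsh is used instead of the NetSecurity
# cmdlets so the same script also works on Windows 7.

# Rule name prefix invented for this example (no spaces, to keep netsh
# argument quoting simple).
$rulePrefix = 'Block-regsvr32-outbound'

# Assumption: these are the two copies of regsvr32.exe on a 64-bit system.
# On 32-bit Windows only the System32 copy exists.
$targets = @{
    'System32' = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    'SysWOW64' = Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe'
}

foreach ($dir in $targets.Keys) {
    $path = $targets[$dir]
    $rule = "$rulePrefix-$dir"

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "Skipping $path (not present on this system)"
        continue
    }

    # "show rule" exits non-zero when no rule with that name exists.
    & netsh advfirewall firewall show rule name=$rule | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Rule $rule already exists, leaving it unchanged"
        continue
    }

    # Outbound block rule scoped to this one executable, on all profiles.
    & netsh advfirewall firewall add rule name=$rule dir=out action=block `
        program=$path profile=any enable=yes | Out-Null

    if ($LASTEXITCODE -eq 0) {
        Write-Host "Added outbound block rule $rule for $path"
    } else {
        Write-Warning "Failed to add rule $rule (is the prompt elevated?)"
    }
}
```

The rules can be removed later with `netsh advfirewall firewall delete rule name=<rule name>` once a vendor fix is deployed.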

We’ve contacted Microsoft and will update this post when we hear back.

via Engadget
