A security researcher has found a flaw in Microsoft Windows that involves AppLocker, one of its core security controls. Introduced in Windows 7 and Windows Server 2008 R2, [AppLocker](https://technet.microsoft.com/en-in/library/dd759117.aspx) lets administrators specify which users or groups in an organization may run particular applications, based on unique file identities. With AppLocker, you can create rules that either allow or deny selected applications from running.
Organizations today face several challenges in controlling which applications execute on their systems. These include, but are not limited to:
– Deciding which applications a user should be permitted to run
– Deciding which users should be allowed to install new software
– Controlling which versions of an application are permitted
– Managing licensed applications
In essence, AppLocker is meant to provide a safer environment in which only permitted applications run. However, American researcher [Casey Smith](http://subt0x10.blogspot.com.ng/2016/04/bypass-application-whitelisting-script.html) has revealed a loophole. According to Smith, the command-line utility Regsvr32 can be pointed at a remotely hosted file, such as a script, which lets any chosen application run on the system. This is an attractive opportunity for attackers and malware authors. Adding to the problem, the technique is hard to detect: it needs no administrative access and leaves no conspicuous changes in the registry.
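The article notes that the technique leaves few of the usual traces, but it does leave two that a defender can watch for: a regsvr32.exe process whose command line references a remote URL, and a regsvr32.exe process that opens a network connection at all (registering a local DLL never needs one). The following PowerShell is an added example written for this page; it is not code from the article or from Casey Smith's proof of concept. It assumes Sysmon is installed with its standard log name and field names and is recording Event ID 1 (process create) and Event ID 3 (network connect).

```powershell
# Added example (not from the article or from Casey Smith's proof of concept).
# Flags regsvr32.exe process-creation events whose command line references a
# remote URL, and any network connection made by regsvr32.exe, using Sysmon.
# Assumptions: Sysmon is installed, logging to its default log name
# 'Microsoft-Windows-Sysmon/Operational' with its standard field names.

function Test-SuspiciousRegsvr32 {
    param(
        [Parameter(Mandatory)][string]$Image,
        [string]$CommandLine = ''
    )
    # Only regsvr32.exe itself is of interest here
    if ($Image -notmatch '\\regsvr32\.exe$') { return $false }
    # A legitimate invocation registers a local DLL; a URL in the arguments
    # means the tool has been pointed at a remotely hosted file.
    return ($CommandLine -match '\bhttps?://')
}

function Get-SysmonEventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Sysmon stores its fields as <Data Name="...">value</Data> under EventData
    $xml = [xml]$Event.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    return $fields
}

function Find-Regsvr32Abuse {
    param([int]$MaxEvents = 5000)
    $log  = 'Microsoft-Windows-Sysmon/Operational'
    $hits = @()

    # Event ID 1: process creation with a remote URL on the command line
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $e = Get-SysmonEventData $_
            if (Test-SuspiciousRegsvr32 -Image $e.Image -CommandLine $e.CommandLine) {
                $hits += [pscustomobject]@{
                    Time = $_.TimeCreated; Reason = 'regsvr32 with remote URL'
                    User = $e.User; Parent = $e.ParentImage; Detail = $e.CommandLine
                }
            }
        }

    # Event ID 3: network connection. regsvr32 has no legitimate reason to
    # talk to the network, so any connection it opens is worth a look.
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $e = Get-SysmonEventData $_
            if ($e.Image -match '\\regsvr32\.exe$') {
                $hits += [pscustomobject]@{
                    Time = $_.TimeCreated; Reason = 'regsvr32 network connection'
                    User = $e.User; Parent = ''; Detail = "$($e.DestinationIp):$($e.DestinationPort)"
                }
            }
        }
    return ($hits | Sort-Object Time)
}

Find-Regsvr32Abuse | Format-Table -AutoSize
```

Without Sysmon, the same command-line test in Test-SuspiciousRegsvr32 can be applied to Security log event 4688, provided process command-line auditing is enabled; without that setting, 4688 records the image path but not the arguments, and the URL check has nothing to match against.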
To substantiate his findings, Smith has [published](https://gist.github.com/subTee/24c7d8e1ff0f5602092f58cbb3f7d302) a proof-of-concept script on GitHub. It demonstrates how the vulnerability could be exploited, which raises valid concern for user privacy.
As a temporary workaround until Microsoft develops a permanent fix, users can improve their safety by blocking network access for Regsvr32.exe and Regsvr64.exe in Windows Firewall. Although temporary, this step reduces the entry points available to an attacker.
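The following PowerShell is an added example of that workaround, written for this page rather than taken from the article. The article names Regsvr32.exe and Regsvr64.exe; on a 64-bit Windows install the two binaries are both called regsvr32.exe and live in System32 (64-bit) and SysWOW64 (32-bit), so the script targets both paths under $env:SystemRoot (an assumption of a default install). It uses the NetSecurity cmdlets where they exist (Windows 8 / Server 2012 and later) and falls back to netsh, which Windows 7 and Server 2008 R2 also support. The rule names are chosen here and are not from the article.

```powershell
# Added example (not from the article). Creates outbound-block Windows Firewall
# rules for every regsvr32.exe on disk and checks that they are in place.
# Assumptions: default install under $env:SystemRoot; run from an elevated
# PowerShell session. Rule names are chosen for this example.

$RulePrefix = 'Block outbound regsvr32'

function Get-Regsvr32Paths {
    # 64-bit Windows ships two copies: System32 (64-bit) and SysWOW64 (32-bit)
    @("$env:SystemRoot\System32\regsvr32.exe", "$env:SystemRoot\SysWOW64\regsvr32.exe") |
        Where-Object { Test-Path $_ }
}

function Add-Regsvr32OutboundBlock {
    foreach ($path in Get-Regsvr32Paths) {
        $name = "$RulePrefix ($path)"
        if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
            # Idempotent: only create the rule if it is not already present
            if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
                New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block `
                    -Program $path -Profile Any -Enabled True | Out-Null
            }
        } else {
            # Older Windows (7 / 2008 R2): netsh. 'show rule' exits non-zero
            # when no rule matches, which is the check for "not yet added".
            netsh advfirewall firewall show rule name="$name" | Out-Null
            if ($LASTEXITCODE -ne 0) {
                netsh advfirewall firewall add rule name="$name" dir=out action=block `
                    program="$path" enable=yes profile=any | Out-Null
            }
        }
    }
}

function Test-Regsvr32OutboundBlocked {
    # Returns $true only when every regsvr32.exe on disk has an enabled outbound block rule
    foreach ($path in Get-Regsvr32Paths) {
        $name = "$RulePrefix ($path)"
        if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
            $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
            if (-not $rule -or $rule.Action -ne 'Block' -or $rule.Enabled -ne 'True') { return $false }
        } else {
            netsh advfirewall firewall show rule name="$name" | Out-Null
            if ($LASTEXITCODE -ne 0) { return $false }
        }
    }
    return $true
}

Add-Regsvr32OutboundBlock
Test-Regsvr32OutboundBlocked   # expect True once both rules exist
```

The rules are program-based, so they follow the binary wherever it is launched from and need no port or address list. Because Windows Firewall permits outbound traffic by default, an explicit block rule is what actually stops the process from reaching a remote host; also note that the block only covers the network path, so the detection side still matters, and the article is right to call this a stopgap rather than a fix.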