Newly discovered Windows security hole bypasses AppLocker and lets apps run without admin rights. Proof-of-concept code published.
This is one of those “look what I found while looking for something else” stories. Casey Smith was trying to solve a problem and accidentally discovered a security vulnerability that affects business and server editions of Windows 7 and up.
The exploit has been public knowledge since Tuesday, when Smith blogged about it and also published proof-of-concept code on GitHub, so the guys and gals at Microsoft ought to be scrambling to come up with a fix right about now. After all, the exploit is now in the hands of the crackers/hackers.
The hole makes it possible to run malicious software on Windows computers, even when AppLocker is being used. AppLocker is a feature in Windows server and business editions that controls user access to particular applications and is supposed to make security easier for an organization’s IT people.
Taking advantage of the hole requires the use of regsvr32, a Windows command-line utility for registering and unregistering DLLs and ActiveX controls in the Windows Registry. Use of the exploit is difficult to trace, as it doesn’t require administrator rights or alter the registry.
Although the vulnerability has been public for nearly a week, so far the folks in Redmond have been quiet about this. Expect a patch soon.