
Microsoft vulnerability lets hackers bypass app whitelisting protections

A researcher has discovered a way for attackers to sneak remotely hosted, unauthorized applications—more specifically, COM (Component Object Model) objects—past Microsoft Windows' whitelisting security feature AppLocker, by abusing the command-line utility Regsvr32.

Normally, Regsvr32 allows users to register Dynamic Link Library (DLL) files and ActiveX controls, but on his blog, Colorado-based researcher Casey Smith recently explained that hackers can place a malicious script block inside the registration tag, and then have Regsvr32 successfully execute the code. The trick works on the business editions of Windows 7 and up.

No administrator access is required to perform this workaround, and the process does not alter the system registry, making this vulnerability-based hack a difficult one to detect.
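Because the object is hosted remotely, the Regsvr32 command line has to name a remote location, which gives defenders something to look for. The following is an added example, not code from the article or from Casey Smith's blog: it scans constructed process-creation records for Regsvr32 launches that reference a URL or UNC path. The record fields, host names, and the `<switches>` and `<dll>` placeholders are assumptions, since the article does not give the exact arguments.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumption: process-creation telemetry with full command lines is collected.
URL_RE = re.compile(r"""\b(?:https?|ftp)://[^\s"']+""", re.IGNORECASE)
UNC_RE = re.compile(r"""(?<![\w\\])\\\\[^\s\\"']+\\[^\s"']+""")

# Constructed records, not real telemetry. <switches> and <dll> are
# placeholders because the article does not list the actual arguments.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Program Files\Vendor\control.dll"},
    {"host": "WS02", "image": r"C:\Windows\SysWOW64\REGSVR32.EXE",
     "cmdline": r'"C:\Windows\SysWOW64\REGSVR32.EXE" <switches>:HTTPS://files.example.invalid/object <dll>'},
    {"host": "WS03", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe http://intranet.example.invalid/readme.txt"},
    {"host": "WS04", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32 /s \\fileserver.example.invalid\share\control.dll"},
]


def remote_regsvr32(events):
    """Return (host, kind, location) for Regsvr32 launches naming a remote location.

    Matching is on the image file name, case-insensitively, so both the
    System32 and SysWOW64 copies are covered. A renamed copy of the binary
    would not be caught by this check alone.
    """
    hits = []
    for ev in events:
        if basename(ev["image"]).lower() != "regsvr32.exe":
            continue  # URLs passed to other programs are out of scope here
        for kind, rx in (("url", URL_RE), ("unc", UNC_RE)):
            match = rx.search(ev["cmdline"])
            if match:
                hits.append((ev["host"], kind, match.group(0)))
    return hits


if __name__ == "__main__":
    for host, kind, location in remote_regsvr32(SAMPLE_EVENTS):
        print(f"{host}: regsvr32 referenced remote {kind} {location}")
```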

Bradley Barth
