
Windows Security Flaw Lets Hackers Install Malicious Apps: Report


Microsoft introduced the AppLocker feature in Windows 7, giving company administrators the ability to whitelist and blacklist apps so that risk-laden apps are kept off the enterprise's networks. A researcher has, however, discovered a flaw in Windows AppLocker that lets hackers bypass the protection and install any app they want.
Discovered by security researcher Casey Smith, the flaw allows hackers to use Regsvr32.exe to install the app by directing it to a hosted file or script. The app or script can then be installed without administrator access or even modifying the registry, making it very difficult to reverse changes or monitor unauthorised use. The flaw, which could result in the PC installing malicious apps despite having Windows AppLocker, can be exploited in business editions of Windows 7 and higher.
"The amazing thing here is that regsvr32 is already proxy aware, uses TLS, follows redirects, etc...And.. You guessed a signed, default MS binary," wrote Smith while explaining the flaw in a blog post.
The Colorado-based Casey Smith also posted proof of concept scripts on GitHub to show the vulnerability.
Microsoft is yet to comment on the vulnerability or release a patch for its Windows AppLocker. In the meantime, Eric Rand of Brown Hat Security (https://brownhatsecurity.com/mitigation-for-whitelisting-bypass-using-regsvr32-white-register.html) has a mitigation and suggests blocking Internet access for the Regsvr32.exe and Regsvr64.exe apps via Windows Firewall.
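One way to apply the Windows Firewall mitigation described above, as an added example that is not from the article or from Brown Hat Security. It assumes the default System32 and SysWOW64 locations of regsvr32.exe and skips any path that is not present; the rule and group names are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article: outbound block rules for regsvr32.exe.
# Needs the NetSecurity module (Windows 8 / Server 2012 or later).

$group = 'Regsvr32 outbound block'   # constructed group name for these rules

# Assumption: default directories holding the 64-bit and 32-bit binaries.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\regsvr32.exe"
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not present, skipped: $path"
        continue
    }

    $name = "Block outbound regsvr32 ($dir)"
    # Idempotent: leave an existing rule of the same name alone.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        continue
    }

    $rule = @{
        DisplayName = $name
        Group       = $group
        Direction   = 'Outbound'
        Program     = $path
        Action      = 'Block'
        Profile     = 'Any'
        Enabled     = 'True'
    }
    New-NetFirewallRule @rule | Out-Null
}

# Verify: list each rule in the group with the program it applies to.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Enabled = $_.Enabled
            Action  = $_.Action
            Program = $app.Program
        }
    }
```

On Windows 7, where the NetSecurity cmdlets are not available, the equivalent rules have to be created with `netsh advfirewall` or through Group Policy.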