News

A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections. A core Windows ...
Most users are familiar with Windows Defender (the antivirus tool built into Windows Security), which continuously monitors the system for suspicious software activity and also identifies and blocks ...
One of the big selling points of Microsoft’s Windows 10 Enterprise is that an administrator can lock down software, restricting users to installing only certain approved apps. That means that admins ...
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them ...
A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections, such as those afforded by Microsoft’s AppLocker. If the technique ...