Exploit in enterprise versions of Windows bypasses Microsoft’s AppLocker

Laurent Giret

Windows 10 on Lenovo

According to a report from Engadget, a researcher has found a vulnerability that lets anyone get around app security safeguards on locked-down versions of Windows such as Windows 10 Enterprise. If you run such a version of Windows, you can configure it so that users can only run a few specific apps by using AppLocker, a feature that lets administrators assign rules to a security group or an individual user.

The researcher published his proof of concept on GitHub and explained that configuring regsvr32.exe to point to remote files or scripts allows you to short-circuit Microsoft’s AppLocker and lets you run any app you want on these secured Windows 10 machines. Worse, this hack seems quite problematic because it can be executed without administrator access and it also doesn’t write to the registry.

While Microsoft has yet to acknowledge and fix this security loophole, the report explains that you can still protect your machine by setting Windows Firewall to block Regsvr32.exe so that it cannot access online files.
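The firewall mitigation the report describes, written out as an added PowerShell example (this is not code from the article, the researcher, or Microsoft); it assumes the default Windows install paths and a session running as an administrator:

```powershell
# Added example: block outbound network access for regsvr32.exe with
# Windows Defender Firewall, so it cannot fetch remote files or scripts.
# Assumptions: default %SystemRoot% paths and an elevated PowerShell session.
$binaries = @(
    "$env:SystemRoot\System32\regsvr32.exe",
    "$env:SystemRoot\SysWOW64\regsvr32.exe"   # 32-bit copy on 64-bit Windows
)

foreach ($exe in $binaries) {
    if (-not (Test-Path $exe)) { continue }   # SysWOW64 is absent on 32-bit installs
    $name = "Block outbound - $exe"           # rule name is our own choice
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $name"
        continue
    }
    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound `
        -Program $exe `
        -Action Block `
        -Profile Any `
        -Enabled True | Out-Null
    Write-Host "Created: $name"
}

# Verify that both rules exist, are outbound, and are set to Block.
Get-NetFirewallRule -DisplayName 'Block outbound - *' |
    Select-Object DisplayName, Direction, Action, Enabled
```

The rule only removes regsvr32's ability to reach remote content, which is what the report recommends; it does not stop regsvr32 from registering files that are already on the local disk.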