A Windows security flaw allows applications to run without permissions


The news comes from Casey Smith, a security researcher from Colorado (USA), who raised the alarm after discovering a security flaw in the business editions of Windows 7 and its successors (including Windows 10), specifically in the AppLocker feature.

AppLocker is a feature introduced in Windows 7 and Windows Server 2008 R2 that allows administrators to specify which users or groups can run applications in an organization, based on unique file identities. Using the feature, you can create a series of rules that allow or deny users the execution of applications. It is similar to ACLs on Linux, but with a somewhat different enforcement mechanism. On the other hand, regsvr32, a command-line utility that can be used to register and unregister DLLs, allows altering the system registry without requiring any permission or execution privileges, as stated by Smith on his blog. As he indicates, this can make it difficult for many administrators to tell whether or not changes have been made to the system.

This security flaw therefore allows malicious software to run on computers that are at risk, even if AppLocker is in place, a feature whose whole purpose is security. What's more, it does not require administrator access or alter the system registry, which also makes it hard to track. The vulnerability was discovered last week and has not yet been corrected by Microsoft. So far, the researcher has only written about his discovery and published the script that proves his claim.

Until Microsoft releases a measure to correct this deficiency in its system, Casey Smith has indicated that it is possible to disable Regsvr32.exe and Regsvr64.exe using the operating system's own firewall.
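One way to apply the firewall mitigation described above, as an added example that is not from Smith's post or from Microsoft. It assumes an elevated PowerShell session and the NetSecurity module (Windows 8 / Server 2012 or later); the rule names are hypothetical, and the binary paths are the standard Windows locations.

```powershell
#Requires -RunAsAdministrator
# Added example: create outbound block rules in Windows Firewall for the
# regsvr32 binaries, idempotently, then list the result for verification.

$rulePrefix = 'Block outbound - '   # hypothetical naming convention

# Candidate binaries. Regsvr64.exe is the name given in the article; it is
# skipped automatically when no such file exists on the machine.
$candidates = [ordered]@{
    'regsvr32 (System32)' = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    'regsvr32 (SysWOW64)' = Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe'
    'regsvr64 (System32)' = Join-Path $env:SystemRoot 'System32\regsvr64.exe'
}

foreach ($label in $candidates.Keys) {
    $path = $candidates[$label]
    $name = $rulePrefix + $label

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "Skipping $path (not present on this system)"
        continue
    }

    # Do not create a duplicate if the rule is already there.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already exists: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound -Program $path `
        -Action Block -Profile Any -Enabled True | Out-Null
    Write-Host "Created rule: $name"
}

# Verification: show each rule with the program it applies to.
Get-NetFirewallRule -DisplayName "$rulePrefix*" | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = $app.Program
    }
} | Format-Table -AutoSize
```

These rules stop the listed binaries from making outbound network connections; they do not prevent the binaries from running locally.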

