AppLocker allows administrators to control the following app types: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx). Although AppLocker’s role is to filter users’ access to apps and enhance system security, the tool also comes with its own exploits. Recent reports have revealed that unprivileged users can bypass AppLocker and other Software Restriction Policies on all Windows versions, from Windows XP to Windows 10. More specifically, the LOAD_IGNORE_CODE_AUTHZ_LEVEL 0x00000010 value, and other values allow unprivileged users to bypass the AppLocker rules, as well as the Software Restriction Policies for the DLL. It is worth mentioning that this action applies only to the DLL being loaded, and not to its dependencies. However, Microsoft doesn’t consider that this exploit needs to be fixed as soon as possible. The company has acknowledged the issue and confirmed that this exploit will be patched in a future version of Windows. As far as the release date of the next major Windows version is concerned, recent reports suggest that Microsoft could roll it out at the end of March. In the worst case scenario, the update should arrive mid-April. KB2532445 but serviced a bypass with a hotfix which was incorporated in later security updates and is included in the “convenience” rollup. If you want this fixed immediately and are an enterprise customer you’ll need to work with your Account Manager to open a support case. RELATED STORIES YOU NEED TO CHECK OUT:
How to block UWP apps in Windows 10 New Windows 10 feature will enable blocking of Win32 apps Project Rome lets Android devs build apps that control Windows 10 PCs
SPONSORED
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ