Windows 10 Enterprise can be exploited
Reports reaching various blogs and Windows 10 Enterprise users indicates that there is a way to exploit the security feature App Locker bundled with the Operating system. The App Locker allows an administrator to create whitelists or blacklists of applications that an end user is allowed to install and to not install respectively. This is really a nifty little feature that gives administrators control over the operating system and what changes can be made to it. It just happens to be one of the security features bundled with Windows 10 Enterprise that users are happy about.
A security analyst, Casey Smith has discovered a flaw allowing remote files to be installed or executed using the core, whitelisted Regsvr32 executable. A user could bypass the limitations of installing apps by pointing Regsvr32 to a script in a remote location since it accepts URLs for scripts. This could have grave implications for Windows as hackers may take advantage of this to bypass administrator limitations and possibly commit crimes. At this moment, there is no word from Microsoft on whether the exploit will be patched soon but Security experts recommend Device Guard with script protection would most likely block the exploit. The code for replicating the exploit as well as information on it can be found on Casey Smith's blog (link below). What do you think of this new development? Leave a comment.
Via: |CSOOnline|
Source: |subTee|
Image Credit: |GitHub|
