Security Alerts & News
by Tymoteusz A. Góral

#639 Core Windows utility can be used to bypass AppLocker
A core Windows command-line utility, Regsvr32, which is used to register DLLs in the Windows Registry, can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker.

A researcher who requested anonymity found and privately disclosed the issue to Microsoft on Tuesday. It’s unknown whether Microsoft will patch this issue with a security bulletin, or in a future release.

Regsvr32, also known as Microsoft Register Server, is a Microsoft-signed binary that runs by default on Windows. The researcher’s proof-of-concept allows him to download and run JavaScript or VBScript from a URL provided via the command line. Abusing this presumes an attacker is already present on the box, the researcher said.
#646 MongoDB configuration error exposed 93 million Mexican voter records
#645 MIT launches experimental bug bounty program
#644 “Nuclear” exploit kit service cashes in on demand from cryptoransomware rings
#643 $10 router blamed in Bangladesh bank hack
#642 PowerShell used for spreading Trojan.Laziok through Google Docs
#641 Avast SandBox escape via IOCTL requests
#640 How I hacked Facebook, and found someone's backdoor script