For years, business-focused versions of Windows have had an AppLocker feature that lets you blacklist or whitelist apps. It's undoubtedly helpful for companies eager to keep malware or just risky software off their network.
A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections, such as those afforded by Microsoft's AppLocker. If the technique is used, there's little evidence left behind for investigators, as the process doesn't alter the system registry and in some cases comes across as normal Internet Explorer traffic.