This article is more than 1 year old
Microsoft releases fix for Applocker bypass flaw
Windows vault easily opened with macros
Microsoft has released a temporary fix for a flaw in its latest operating systems that allows untrusted users to bypass security measures preventing them from running unauthorized applications.
AppLocker allows administrators to restrict the applications that can be run on computers running Windows 7 and Windows Server 2008. But end users can easily override the restrictions by invoking a variety of automated script features, including macros in Microsoft Office. Programming flags such as SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL could even allow malware stashed in temporary folders to be executed.
Microsoft on Wednesday published a hotfix to correct the flaw.
"This hotfix might receive additional testing," Microsoft's advisory stated. "Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix."
The advisory didn't say when that update would be released. ®
Narrower topics
- 2FA
- Active Directory
- Advanced persistent threat
- Application Delivery Controller
- Authentication
- Azure
- BEC
- Bing
- Bitlocker
- Black Hat
- BSides
- BSoD
- Bug Bounty
- CHERI
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- DDoS
- DEF CON
- Digital certificate
- Encryption
- Excel
- Exchange Server
- Exploit
- Firewall
- Hacker
- Hacking
- Hacktivism
- HoloLens
- Identity Theft
- Incident response
- Infosec
- Internet Explorer
- Kenna Security
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Ignite
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- NCSAM
- NCSC
- .NET
- Office 365
- OS/2
- Outlook
- Palo Alto Networks
- Password
- Patch Tuesday
- Phishing
- Pluton
- PowerShell
- Quantum key distribution
- Ransomware
- Remote Access Trojan
- REvil
- RSA Conference
- SharePoint
- Skype
- Spamming
- Spyware
- SQL Server
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Vulnerability
- Wannacry
- Windows 10
- Windows 11
- Windows 2000
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows Subsystem for Linux
- Windows XP
- Xbox
- Xbox 360
- Zero trust
Broader topics
More about
Narrower topics
- 2FA
- Active Directory
- Advanced persistent threat
- Application Delivery Controller
- Authentication
- Azure
- BEC
- Bing
- Bitlocker
- Black Hat
- BSides
- BSoD
- Bug Bounty
- CHERI
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- DDoS
- DEF CON
- Digital certificate
- Encryption
- Excel
- Exchange Server
- Exploit
- Firewall
- Hacker
- Hacking
- Hacktivism
- HoloLens
- Identity Theft
- Incident response
- Infosec
- Internet Explorer
- Kenna Security
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Ignite
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- NCSAM
- NCSC
- .NET
- Office 365
- OS/2
- Outlook
- Palo Alto Networks
- Password
- Patch Tuesday
- Phishing
- Pluton
- PowerShell
- Quantum key distribution
- Ransomware
- Remote Access Trojan
- REvil
- RSA Conference
- SharePoint
- Skype
- Spamming
- Spyware
- SQL Server
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Vulnerability
- Wannacry
- Windows 10
- Windows 11
- Windows 2000
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows Subsystem for Linux
- Windows XP
- Xbox
- Xbox 360
- Zero trust