The AppLocker bypass exploits to be fixed with the next major Windows version

By: Madeleine Dean
2 minute read

AppLocker is a feature in the Windows OS and Windows Servers allowing admins to control which users can run particular apps. The tool uses unique identities of files, and lets admins create rules to allow or block applications.

AppLocker allows administrators to control the following app types: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx).

Although AppLocker’s role is to filter users’ access to apps and enhance system security, the tool also comes with its own exploits. Recent reports have revealed that unprivileged users can bypass AppLocker and other Software Restriction Policies on all Windows versions, from Windows XP to Windows 10.

More specifically, the LOAD_IGNORE_CODE_AUTHZ_LEVEL 0x00000010 value, and other values allow unprivileged users to bypass the AppLocker rules, as well as the Software Restriction Policies for the DLL. It is worth mentioning that this action applies only to the DLL being loaded, and not to its dependencies.

However, Microsoft doesn’t consider that this exploit needs to be fixed as soon as possible. The company has acknowledged the issue and confirmed that this exploit will be patched in a future version of Windows.

The product team has finished their investigation and determined this will be serviced in a future version of Windows. AppLocker bypasses are not serviced via monthly security roll-ups; only major version updates.

KB2532445 but serviced a bypass with a hotfix which was incorporated in later security updates and is included in the “convenience”
rollup.

If you want this fixed immediately and are an enterprise customer you’ll need to work with your Account Manager to open a support case.

As far as the release date of the next major Windows version is concerned, recent reports suggest that Microsoft could roll it out at the end of March. In the worst case scenario, the update should arrive mid-April.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading