Company Microsoft implemented in Windows a system called AppLocker which allows blocking the running of certain applications, it being ideal for companies and users who want to use their PCs without the risk of losing data to hackers.
The system AppLocker it is designed especially for companies and allows system administrators to block the running of certain applications on the computers of a company, the functionality being highly appreciated because it protects employees who do not know what they might install on their computers.
Unfortunately, the system AppLocker is vulnerable to a new bug that allows hackers to run a remote script to force Windows to open any kind of application without the need for administrator access and without the changes made by the application being visible in the Windows registry.
All a hacker has to do is use Regsvr32 to run a script from your own server, and from there everything becomes very simple, the vulnerability not having any patch yet, but there is still a method of protection against hackers.
A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections, such as those afforded by Microsoft's AppLocker. If the technique is used, there's little evidence left behind for investigators, as the process doesn't alter the system registry and in some cases comes across as normal Internet Explorer traffic.
Blocking Regsvr32 from the WIndows firewall prevents accessing files from outside computers, so users are safe, but of course this measure is temporary until Microsoft it will fix the problem in your operating system.
The system AppLocker al Microsoft is similar to that GateKeeper of the Apple company, and in the case of companies, or just ordinary users, they can be extremely useful in preventing the total or partial compromise of computers.
