Mitigation for Whitelisting Bypass using regsvr32 - "White Register"

A researcher has discovered undocumented functionality in regsvr32 that allows for arbitrary code execution even in otherwise locked-down environments.

Regsvr32, which provides core OS functionality for Windows, has an option available to load scripts from arbitrary network locations.

The researcher's description of exploitation is found here.

Please note, the ...


Folksec

Information security is a difficult field. It's not only more than a little esoteric in how it works, but the conditions for 'valid' vs. 'owned' change often - much more often, at times, than most people's usual exposure to training for it.

This leads to some unfortunate consequences, where ...
