AppLocker: one step forward, two steps back

Discussion in 'other security issues & news' started by Gullible Jones, Mar 9, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If I'm not mistaken, this is what Microsoft released a hotfix for (after Didier Stevens mentioned it).
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I still have yet to find info on the subject relating to Windows 8. If Applocker on Win8 has the same issue as the one in Win7, I have yet to see a hotfix released for Windows 8...

    Anyone knows anything about the matter?
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    This was back in 2011, win 8 does not suffer from it as it was released almost 2 years later (october 2012).
     
    Last edited: Mar 12, 2013
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    You had me worried with that title. :D
    But after reading other posts im much better now.
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Thanks for the reply but is that based on assumption or have you found any official statement indicating so? If you have tested it, please acknowledge. Reason I'm asking is this:

    http://blog.didierstevens.com/2011/11/17/hotfix-for-srpapplocker-bypass/

    If you see the comments section on Didier Stevens blog link above, you'll see this written by him:

    Aside from that comment by Didier, I searched the web and so far have not found anything substantial on the subject. If the issue still remains in Win8 as Didier mentioned, is MS planning on releasing a hotfix for it? Does anyone have any clues?
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    @ safeguy

    I've been wondering that myself, but considering that Microsoft never released a definitive update for Windows 7, is highly unlikely that they "patched" Windows 8. It has always been my thought, and now that you mentioned Didier Stevens says it doesn't, I got no reasons not to believe in him.

    After all, it was all by design. :blink:
     
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    It WAS and still IS by design. I have even checked the official MS (TechNet) pages on AppLocker. Here's what I noticed:

    Security Considerations for AppLocker ( applies to Windows 8 )

    I guess what Didier said is spot on. MS simply does not "consider this an issue". If MS wanted to, they could have patched it in Win7 but they released it as a Hotfix. I wonder how many system admins that deploy Applocker are aware of it? Then, they updated the 'Security Considerations for Applocker' page to include this 'flaw'.

    I have posted this same question on this forum in January but I guess members here didn't notice. By the looks of it, there may be a possibility of MS not even releasing a Hotfix for Win8. I hope I'm wrong and would love to be proven wrong...
     
  9. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    This is just absolutely terrible practice. I wonder how many other integrated Windows measures have bypasses & backdoors inserted into them that aren't known publicly? Kind of makes you sketchy about relying on the integrated security... would rather use an open source 3'rd party solution if there were one available to address the same need.

    I'd be using a fully featured HIPS & Truecrypt instead of AppLocker & Bitlocker, that's for damn sure.
     
Loading...
Thread Status:
Not open for further replies.