[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on
From: "Stefan Kanthak" <stefan.kanthak () nexgo ! de>
Date: 2023-02-22 17:26:24
Message-ID: C8D18E78C29C4E8883FB810689823440 () H270
[Download RAW message or body]
Hi @ll,
in Windows 11 22H2. some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]
JFTR: the time stamp is 100ns past midnight on 1601-01-01;
the rule count is wrong too, there are ZERO rules.
Although these entries are bogus and no rules are actually present,
they disable SAFER as documented, for example in
<https://www.microsoftpressstore.com/articles/article.aspx?p=2228450&seqNum=11>
FIX: remove these registry entries and/or keys to enable SAFER again!
stay tuned, and far away from the crap made in Redmond
Stefan
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic