
Dangerous Windows 10 flaw lets hackers secretly run any app on your PC

Published Apr 25th, 2016 11:17PM EDT

A newly identified Windows 10 security flaw lets hackers install malicious apps on any machine without business owners being made aware that anything out of the ordinary is happening. The issue lets anyone familiar with Windows security bypass its defenses without leaving any trace on the machine.

The issue was discovered accidentally, it is significant, and Microsoft has yet to issue a patch.


Found by Casey Smith, the Windows vulnerability doesn’t affect only Windows 10 machines. Malicious hackers could take advantage of the security flaw on enterprise versions of Windows dating back to Windows 7.

The issue concerns a program called Regsvr32 (and Regsvr64 for 64-bit machines), which lets anyone execute code on a Windows computer from remote network locations. The flaw doesn’t trigger the AppLocker security software, which is supposed to only let users run apps from trusted sources, and it doesn’t leave any traces in the registry, as it doesn’t need administrator access.

In other words, pretty much anyone could use it to install and run any application on an unsuspecting employee’s Windows machine. Microsoft has not yet provided a fix for the issue, but users can disable the Regsvr program using Windows Firewall.
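One way to apply the Windows Firewall mitigation mentioned above, as an added example that is not taken from the article or from Smith's write-up: it blocks outbound connections from both copies of regsvr32.exe and reports the resulting rules. It assumes that the mitigation means an outbound block rule for the program; the function name and rule names are constructed for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound Windows Firewall block rules for regsvr32.exe.
# The function name and rule display names are constructed for illustration.
# This stops the binary from reaching network locations; local use of
# regsvr32.exe (registering DLLs already on disk) keeps working.

function Set-Regsvr32EgressBlock {
    [CmdletBinding()]
    param(
        [string]$RulePrefix = 'Block regsvr32 outbound (example)'
    )

    # 64-bit Windows ships a 64-bit and a 32-bit copy; cover both.
    $candidates = @(
        (Join-Path $env:SystemRoot 'System32\regsvr32.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe')
    )

    foreach ($path in $candidates) {
        # SysWOW64 does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $folder = Split-Path (Split-Path $path -Parent) -Leaf
        $name   = "$RulePrefix - $folder"

        # Idempotent: create the rule once, re-enable it if someone disabled it.
        $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        if (-not $rule) {
            New-NetFirewallRule -DisplayName $name -Direction Outbound `
                -Program $path -Action Block -Profile Any | Out-Null
        }
        else {
            $rule | Where-Object { $_.Enabled -ne 'True' } | Enable-NetFirewallRule
        }

        # Re-read the rule so the report reflects what is actually configured.
        Get-NetFirewallRule -DisplayName $name | ForEach-Object {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Program = ($_ | Get-NetFirewallApplicationFilter).Program
                Action  = $_.Action
                Enabled = $_.Enabled
            }
        }
    }
}

Set-Regsvr32EgressBlock | Format-Table -AutoSize
```

Run it from an elevated PowerShell session. The rules only take effect on profiles where Windows Firewall is turned on.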

More details on Smith’s findings are available at the source links, including proof-of-concept scripts that demonstrate the security issue.

Chris Smith Senior Writer
