(LiveHacking.Com) – Microsoft has released a hotfix for a flaw in AppLocker that allows AppLocker rules to be circumvented with an Office macro. The vulnerability affects Windows 7 and Windows Server 2008 R2.
With AppLocker, users can define rules that control which applications can run. However, it turns out that an attacker could create a macro in Microsoft Office to circumvent the AppLocker rules. As a result, malware in the %TEMP% or %system drive%:\Users directory can be executed by using the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags, even if access to these directories is limited by AppLocker rules.
To apply this hotfix, you must be running one of the following operating systems:
- Windows 7
- Windows 7 Service Pack 1 (SP1)
- Windows Server 2008 R2
- Windows Server 2008 R2 Service Pack 1 (SP1)