INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2

From: “Stefan Kanthak” <stefan.kanthak () nexgo de>
Date: Wed, 22 Feb 2023 18:26:24 +0100


Hi @ll,

in Windows 11 22H2, some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]

JFTR: the time stamp is 100ns past midnight on 1601-01-01;
      the rule count is wrong too, there are ZERO rules.

Although these entries are bogus and no rules are actually present,
they disable SAFER as documented, for example in
<https://www.microsoftpressstore.com/articles/article.aspx?p=2228450&seqNum=11>

FIX: remove these registry entries and/or keys to enable SAFER again!

stay tuned, and far away from the crap made in Redmond
Stefan
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
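
An added example, not part of the post above and not Microsoft's code: a report-only PowerShell check that reads the `Srp\Gp` values quoted in the message and compares `RuleCount` with what is actually stored under the key. It assumes that real rules would appear as subkeys or values beneath each collection subkey (such as the empty `DLL` key quoted); the function name `Get-SrpGpState` and its output property names are illustrative.

```powershell
# Added example: report-only check for the Srp\Gp state described in the post.
# Nothing is modified; removal of the entries is left to the administrator.
$gp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Srp\Gp'

function Get-SrpGpState {
    param([string]$Path = $gp)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Present = $false; Bogus = $false }
    }

    $key       = Get-Item -LiteralPath $Path
    $ruleCount = $key.GetValue('RuleCount')       # REG_DWORD
    $lastWrite = $key.GetValue('LastWriteTime')   # REG_QWORD, interpreted as a FILETIME

    # Assumption: each rule is stored as a subkey or value beneath a
    # collection subkey, so an empty collection key contributes zero.
    $actual = 0
    $collections = foreach ($sub in Get-ChildItem -LiteralPath $Path) {
        $n = $sub.SubKeyCount + $sub.ValueCount
        $actual += $n
        [pscustomobject]@{ Collection = $sub.PSChildName; Entries = $n }
    }

    [pscustomobject]@{
        Present       = $true
        RuleCount     = $ruleCount
        LastWriteUtc  = if ($null -ne $lastWrite) { [DateTime]::FromFileTimeUtc([long]$lastWrite) }
        ActualEntries = $actual
        Collections   = $collections
        # The condition reported in the post: a non-zero count with no rules behind it.
        Bogus         = ($null -ne $ruleCount -and $ruleCount -gt 0 -and $actual -eq 0)
    }
}

$state = Get-SrpGpState
$state | Format-List
if ($state.Present -and $state.Bogus) {
    Write-Warning "RuleCount=$($state.RuleCount) but no rule entries found under $gp"
}
```

On a system in the state the post describes, `LastWriteUtc` decodes to 1601-01-01 plus 100 ns and `Bogus` is `True`.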
