From: “Stefan Kanthak” <stefan.kanthak () nexgo de>
Date: Wed, 22 Feb 2023 18:26:24 +0100
Hi @ll,

in Windows 11 22H2, some imbeciles from Redmond added the following (of course WRONG and INVALID) registry entries and keys which they dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]

JFTR: the time stamp is 100ns past midnight on 1601-01-01; the rule count is wrong too, there are ZERO rules.

Although these entries are bogus and no rules are actually present, they disable SAFER as documented, for example in <https://www.microsoftpressstore.com/articles/article.aspx?p=2228450&seqNum=11>

FIX: remove these registry entries and/or keys to enable SAFER again!

stay tuned, and far away from the crap made in Redmond
Stefan

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
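
Added example, not part of the original post: a read-only PowerShell check for the state the post describes, a nonzero RuleCount and a LastWriteTime just past 1601-01-01 under Srp\Gp with nothing beneath its subkeys. The function name Get-SrpGpState is hypothetical, and treating any subkey or value beneath a Gp subkey as rule data is an assumption.

```powershell
# Added example (not from the original post). Read-only: nothing is modified.
function Get-SrpGpState {   # hypothetical helper name
    $gpPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Srp\Gp'
    if (-not (Test-Path -LiteralPath $gpPath)) {
        return [pscustomobject]@{ Path = $gpPath; Present = $false }
    }

    $gp        = Get-Item -LiteralPath $gpPath
    $ruleCount = $gp.GetValue('RuleCount', $null)
    $rawTime   = $gp.GetValue('LastWriteTime', $null)

    # LastWriteTime is a REG_QWORD (hex(b)) holding a FILETIME:
    # 100 ns ticks since 1601-01-01 UTC, so the value 1 is 100 ns past that midnight.
    $lastWriteUtc = $null
    if ($null -ne $rawTime) {
        try   { $lastWriteUtc = [DateTime]::FromFileTimeUtc([long]$rawTime) }
        catch { $lastWriteUtc = $null }   # not a QWORD, or outside the FILETIME range
    }

    # Assumption: any subkey or value beneath a Gp subkey (such as DLL) is rule data.
    $collections = @(Get-ChildItem -LiteralPath $gpPath)
    $entries = 0
    foreach ($c in $collections) { $entries += $c.SubKeyCount + $c.ValueCount }

    [pscustomobject]@{
        Path                    = $gpPath
        Present                 = $true
        RuleCount               = $ruleCount
        LastWriteTimeRaw        = $rawTime
        LastWriteTimeUtc        = $lastWriteUtc
        Subkeys                 = ($collections | ForEach-Object PSChildName) -join ','
        EntriesBelowSubkeys     = $entries
        # True when RuleCount claims rules but the subkeys hold none, as in the post.
        RuleCountWithoutEntries = ([int]$ruleCount -gt 0) -and ($entries -eq 0)
    }
}

Get-SrpGpState | Format-List
```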
Current thread:
- Defense in depth — the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2 Stefan Kanthak (Feb 22)