From: “Stefan Kanthak” <stefan.kanthak () nexgo de>
Date: Wed, 22 Feb 2023 18:26:24 +0100
Hi @ll,
in Windows 11 22H2. some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]
JFTR: the time stamp is 100ns past midnight on 1601-01-01;
the rule count is wrong too, there are ZERO rules.
Although these entries are bogus and no rules are actually present,
they disable SAFER as documented, for example in
<https://www.microsoftpressstore.com/articles/article.aspx?p=2228450&seqNum=11>
FIX: remove these registry entries and/or keys to enable SAFER again!
stay tuned, and far away from the crap made in Redmond
Stefan
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- Defense in depth — the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2 Stefan Kanthak (Feb 22)
