A researcher in Colorado has discovered a feature in Regsvr32 that allows an attacker to bypass application whitelisting protections. If the technique is used, there’s little evidence left behind for investigators, as the process doesn’t alter the system registry and in some cases comes across as normal Internet Explorer traffic. There is no patch available, but experts say it should be mitigated as soon as possible. Microsoft has not responded to the researcher’s findings, but it’s possible to block the exploit with Windows Firewall.”]
Source: https://www.csoonline.com/article/3060242/researcher-uses-regsvr32-function-to-bypass-applocker.html