Thursday, August 28, 2025
HomeNewsMicrosoft AppLocker Bug Could Let Hackers Slip Past Restrictions by Paige Henley

Microsoft AppLocker Bug Could Let Hackers Slip Past Restrictions by Paige Henley


Paige Henley

Published on: July 23, 2025
Editor

A small mistake in Microsoft’s security settings could let attackers run blocked programs — unless extra protections are in place.

Security researchers at Varonis discovered that Microsoft’s suggested settings for AppLocker (a tool used to stop unwanted programs from running) contain a typo in a critical version number. The setting, called MaximumFileVersion, was mistakenly written as 65355 instead of the correct 65535.

That difference matters. “For example, an attacker can modify a ‘blocked’ executable’s version to exceed the ‘maximum’ version, allowing it to run and bypass the restrictions.” explained Eric Saraga, Director at Varonis Threat Labs.

AppLocker uses version numbers to decide whether a program is safe. If a hacker takes a known bad file and bumps its version number just above 65355, AppLocker might no longer block it, because the version looks newer than the block list allows.

But there’s a catch: changing a file’s version information breaks its digital signature. And on systems that only allow signed (verified) programs to run, this trick won’t work.

The real risk? Organizations that copied Microsoft’s faulty settings but didn’t enable code signing rules. Those systems could let tampered programs run freely.

The incident is a reminder that even official settings can contain mistakes, and blindly copying them can lead to real vulnerabilities. Experts recommend checking your policies, updating the version limit, and always using multiple layers of security.

Microsoft fixed the error in its documentation after being notified.

RELATED ARTICLES

Most Popular

Dominic
32244 POSTS0 COMMENTS
Milvus
80 POSTS0 COMMENTS
Nango Kala
6615 POSTS0 COMMENTS
Nicole Veronica
11787 POSTS0 COMMENTS
Nokonwaba Nkukhwana
11832 POSTS0 COMMENTS
Shaida Kate Naidoo
6728 POSTS0 COMMENTS
Ted Musemwa
7009 POSTS0 COMMENTS
Thapelo Manthata
6684 POSTS0 COMMENTS
Umr Jansen
6697 POSTS0 COMMENTS