Re: [FD] Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

2017-03-28 Thread Stefan Kanthak
I wrote Tuesday, March 21, 2017 8:09 PM:

[ ...snip... ]

> Mitigation:
> ~~~~~~~~~~~
>
> Create an "AppCert.Dll" that exports CreateProcessNotify and
> set the following registry entry
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
>
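Added example, not part of Stefan Kanthak's post: before (or after) registering an AppCert.Dll as the quoted mitigation describes, a practitioner will want to see what is already hooked into CreateProcess through that key, because kernel32 loads every DLL listed there into every process that spawns another one, which makes the same key a well-known persistence location. The script below reads the key named in the post, expands any environment strings in the data, and checks that each DLL exists and carries a valid Authenticode signature. It assumes only that each value under the key holds the path of one DLL; no specific value name or DLL is assumed.

```powershell
# Added example (not from the original post): audit the AppCertDlls key.
# Each value under this key names a DLL that kernel32 loads into every process
# calling CreateProcess*, so every entry is worth a look. The key lives under
# HKLM\SYSTEM and is therefore writable by administrators only.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'

function Get-AppCertDll {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Verbose "No AppCertDlls key present; nothing is hooked into CreateProcess."
        return
    }
    $props = Get-ItemProperty -LiteralPath $key
    # Get-ItemProperty adds PS* bookkeeping members; everything else is a registered DLL.
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        # REG_EXPAND_SZ data may contain %SystemRoot% etc.; expand before testing the path.
        $path   = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'N/A' }
        [pscustomobject]@{
            ValueName = $p.Name
            DllPath   = $path
            Exists    = $exists
            Signature = $status   # 'Valid' for a signed, intact file; 'NotSigned' otherwise
        }
    }
}

Get-AppCertDll | Format-Table -AutoSize
```

Two results deserve follow-up: an entry whose DLL is unsigned or modified, and an entry whose DLL is missing, since anyone who can write to the named directory can supply the file later and have it loaded into every new process.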

[FD] Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

2017-03-24 Thread Stefan Kanthak
Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2 with KB2532445 or KB3125574 installed too) don't allow unprivileged callers to circumvent AppLocker and SAFER rules via

    LoadLibraryEx(TEXT(""), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See