How to protect yourself from regsvr32.exe Hack
ISSUE: Regsvr32 Hack Bypasses Windows AppLocker Protection
This tool creates an outbound firewall rule that blocks the regsvr32.exe from calling out a Url that can be used to execute an external script.
Hopefully Microsoft patches this but in the mean time here is a tool that will help. After Microsoft patches this you can run the tool again and remove the firewall rule. Sharing is caring! Please share this work! If you have any ideas on how to add more to this tool you are more than welcome to.
For an in dept video of how this attack is done see
• Using Regsvr32.exe to install ransomware f...
GITHUB
https://github.com/gjosemalave/tools