By Light Researcher Discovers Technique to Bypass Microsoft Application Tool

A By Light Professional IT Services LLC security researcher, Jimmy Bayne, has determined a procedure for bypassing Microsoft Application Control solutions using the Component Object Model (COM). The technique uses an Extensible Stylesheet Language Transformations (XSLT) stylesheet to execute unsigned code, bypassing Windows Defender Application Control (WDAC)/Device Guard, including PowerShell Constrained Language Mode (CLM). Microsoft issued a patch for this bypass vulnerability in October 2018 (CVE-2018-8492).
