Microsoft’s AppLocker Oopsie: Uninvited Guests in Your DLL Party!

Microsoft’s “Defense in Depth” strategy hits a new high—or low—by planting a backdoor in AppLocker, allowing execution of DLLs that are supposedly blocked. Just add explicit deny rules to keep your system safe and your sanity intact!


Hot Take:

Microsoft might as well start a gardening club with all the backdoors they’re planting! It seems like their defense strategy is “hide in plain sight” because why else would they make it so easy to exploit their security loopholes? If you’re a security-conscious admin, it’s time to break out the digital shears and start trimming these vulnerabilities before they grow out of control!

Key Points:

  • Microsoft Edge and Windows WebView are installing unprotected DLLs in user profiles.
  • The DLLs, domain_actions.dll and well_known_domains.dll, are vulnerable to tampering.
  • Security practices recommend blocking execution of DLLs in user-writable locations.
  • AppLocker was updated to allow these DLLs, essentially creating a backdoor.
  • Admins should add explicit deny rules to AppLocker to block these DLLs.
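One way to check whether an exported AppLocker policy already carries the explicit deny rules recommended above. This is an added example, not code from the original article or from Microsoft. The sample policy, rule names, GUIDs, path patterns, `SAMPLE_DIR` and the function name are constructed for illustration, and the path matching is a simplified approximation of AppLocker's.

```python
import fnmatch
import xml.etree.ElementTree as ET

# DLL names taken from the Key Points above.
TARGET_DLLS = ("domain_actions.dll", "well_known_domains.dll")

# Constructed policy export (same shape as `Get-AppLockerPolicy -Effective -Xml`).
# Rule names, GUIDs and path patterns are made up for this example.
SAMPLE_POLICY = r"""
<AppLockerPolicy Version="1">
  <RuleCollection Type="Dll" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Deny domain_actions"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="*\domain_actions.dll" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Allow Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"""

# Constructed user-profile location; the article does not give the real path.
SAMPLE_DIR = r"C:\Users\alice\AppData\Local\Example"

def missing_dll_denies(policy_xml, dll_names=TARGET_DLLS, profile_dir=SAMPLE_DIR):
    """Return DLL names not covered by any blocking Deny path rule in the Dll collection.
    Approximation: case-insensitive glob match; AppLocker path variables are not expanded."""
    root = ET.fromstring(policy_xml)
    deny_patterns = []
    for coll in root.iter("RuleCollection"):
        if coll.get("Type") != "Dll" or coll.get("EnforcementMode") == "AuditOnly":
            continue  # audit-only rules log the load but do not block it
        for rule in coll.iter("FilePathRule"):
            if rule.get("Action") != "Deny" or rule.find("Exceptions") is not None:
                continue  # conservative: a Deny rule with exceptions is not counted
            deny_patterns += [c.get("Path", "").lower() for c in rule.iter("FilePathCondition")]
    missing = []
    for name in dll_names:
        candidate = (profile_dir + "\\" + name).lower()
        if not any(fnmatch.fnmatchcase(candidate, p) for p in deny_patterns):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print("DLLs without an explicit deny rule:", missing_dll_denies(SAMPLE_POLICY))
```

Because the matcher is an approximation, confirm real rules on the target host with `Test-AppLockerPolicy` against the actual DLL paths.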

The Nimble Nerd