A flaw in the Windows AppLocker feature, which lets administrators whitelist or blacklist applications, allows attackers to bypass AppLocker completely and run any application, even without administrator privileges.

According to Casey Smith, who identified the vulnerability, exploiting it is as easy as telling a specific Windows executable to launch a script from a remote location - exactly what attackers are looking to do.

To date there isn't a fix for the vulnerability, however general advice is to use Windows firewall to block the 'regsvr32' application, which prevents it from accessing online files. Lets hope Microsoft comes up with a proper patch soon.