A flaw in the Windows AppLocker feature, which lets administrators whitelist or blacklist applications, allows attackers to bypass AppLocker completely and run any application, even without administrator privileges.
According to Casey Smith, who identified the vulnerability, exploiting it is as easy as telling a specific Windows executable to launch a script from a remote location - exactly what attackers are looking to do.
To date there is no fix for the vulnerability. The general advice is to use Windows Firewall to block the 'regsvr32' application, which prevents it from accessing online files. Let's hope Microsoft comes up with a proper patch soon.
According to Casey Smith, if you tell Regsvr32 to point to a remotely hosted file (such as a script), you can run any app you want on that system. And this is what hackers and virus writers are looking for.
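One way to apply the firewall advice above, as an added example that is not from the original article or from Microsoft. The rule names and group label are illustrative, and covering the 32-bit copy under SysWOW64 is an addition the article does not mention.

```powershell
#Requires -RunAsAdministrator
# Added example: deny outbound network access to regsvr32.exe using
# Windows Firewall. The group label and rule names are illustrative.

$group = 'Regsvr32 outbound block (example)'

# 64-bit Windows ships two copies of the binary: the native one in
# System32 and a 32-bit one in SysWOW64. Cover whichever exist.
$targets = @(
    Join-Path $env:SystemRoot 'System32\regsvr32.exe'
    Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe'
) | Where-Object { Test-Path $_ }

foreach ($path in $targets) {
    $name = "Block outbound - $path"

    # Stay idempotent: skip the binary if its rule already exists.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name -Group $group `
        -Direction Outbound -Program $path -Action Block `
        -Profile Any -Enabled True | Out-Null
    Write-Host "Created: $name"
}

# Verify: list each rule in the group with the program it is bound to.
Get-NetFirewallRule -Group $group | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

The rules only stop connections made by the regsvr32 process itself, so local registrations keep working. Rules with the same names delivered through Group Policy would not be seen by the local check here.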