Insecure deserialisation leading to Application Control bypass

Insecure deserialisation (Common Weakness Enumeration ID CWE-502) of .NET objects has been the root cause of a number [1] of highly impactful exploits over the years including

• ProxyNotShell (CVE-2022-41082) – Exchange
• ToolShell (CVE-2025-49704) – SharePoint
• No-sexy-name-yet CVE-2025-59287 – WSUS

One of the more serious impacts of insecure deserialisation is (remote) code execution, which is especially dangerous when the affected component is Internet-facing.

There is, however, another potential impact: bypassing application whitelisting. Since this is normally only exploitable once an attacker has compromised an endpoint, it does not normally receive much attention. On hardened endpoints subject to application whitelisting controls, it can be an effective technique to bypass both EDR detections and application whitelisting.

In the rest of this post, we’ll describe how we discovered and reported to Microsoft an insecure deserialisation vulnerability that can be exploited to bypass application control policy.

The vulnerability that we reported has been assigned CVE-2026-25166 and attributed to Dr Tim Baker, our Head of Testing and Assessment.

The binary is not currently on Microsoft’s recommended block list, so we recommend it be specifically blocked until a patch is available.

Application Control is (one of) Microsoft’s native application whitelisting solutions. This software component is the successor to AppLocker which, while still supported with security patches, will not be receiving any new features [2]. To quote the official documentation “App Control rules can be defined based on:

• Attributes of the codesigning certificate used to sign an app and its dependent binaries
• Attributes of the app’s binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
• The reputation of the app as determined by Microsoft’s Intelligent Security Graph
• The identity of the process that initiated the installation of the app and its binaries (managed installer)
• The path where the app or file exists on disk (beginning with Windows 10 version 1903)
• The process that launched the app or binary

Standard [3] App Control policies such as ‘Allow Microsoft’ permit binaries signed by the ‘Microsoft product root certificate’ (among others). Attackers who want to run a malicious executable (or say a malicious DLL via a signed Microsoft executable using DLL sideloading) will be blocked on a machine where this policy is enforced, as it will not be signed by a key with an associated certificate issued by one of the Microsoft Certificate Authorities. As an example attempting to run an unsigned custom MsgBox.exe application (which just calls the .NET method System.Windows.Forms.MessageBox.Show(())) will result in this error message:

Using dnSpy to decompile this exe and dependent DLLs, we can trace the path of the application when it is run from the command line through a sequence of screenshots:

Firstly, the Main method starts and initiates the WPF application via the MainForm(answerfile, image, distshare) constructor:

This MainForm constructor sets the catalog file location in the m_intiialImage field which is then passed to Cpi.Instance.GetOfflineImageInfo() when the form is loaded via Mainform_Load (when the UI is displayed):

This CatalogImageInfo constructor then attempts to perform some deserialisation operation on the file specified in the user-supplied path:

which in turn calls BinaryFormatter.Deserialize:

If we now attempt to run the above deserialisation exploit on a machine with Application Control (AllowMicrosoft policy) enabled ….. nothing happens (apart from the imgmgr UI appearing). I was unable to find any logs indicating any issue. 

However, looking at the deserialisation payload generated by ysoserial above gives us a clue: When executing the payload, imgmgr.exe attempted to spawn C:\temp\MsgBox.exe via Process.Start() which was almost certainly denied by Application Control (having said that, we did not see any event logs (even in debug mode) in Microsoft-Windows-CodeIntegrity/Operational indicating this occurred, so we don’t know for sure).

There are, however, many roads leading to Rome. So we therefore generate an alternative ysoserial.net payload which doesn’t spawn a new process, but instead executes code inline using a simple MsgBoxLibrary.dll which generates a message box:

As discussed above, deserialisation vulnerabilities are dangerous and have been exploited in many high-profile incidents in the past to achieve remote code execution. However, they can also be used to bypass application whitelisting (although it depends to some degree on the exact policy being enforced). While this may seem disconcerting from a defender’s point of view, the Application Control tools and documentation have a recommended list of additional files which should be blocked, which can be added to your policy to prevent such bypasses.

To sum up:

a) Application whitelisting is still very effective in preventing unknown binaries from executing.

b) It’s not perfect, so the official recommended block list from Microsoft should be used as well (assuming Application Control is your AWL solution) to harden defences.

c) New files which can bypass AWL may appear from time to time, so having a process in place to keep an eye on the recommended block list and re-applying it to your environment when it gets updated is a good idea.