microsoft / AaronLocker

Robust and practical application control for Windows
MIT License
595 stars 72 forks

Added Microsoft.Workflow.Compiler.exe as a blocked .net binary #2

Closed: api0cradle closed 5 years ago

api0cradle commented 5 years ago

Binary can be used to bypass whitelisting.

More info here: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

AaronMargosis commented 5 years ago

Sorry for not getting on this sooner - I didn't have notifications set up correctly and didn't know about this PR. I've confirmed that it's a bypass and will probably take it but am doing research on the purpose for and usage of the tool and what the potential side effects might be.