Slashdot Mirror


Windows UAC Bypass Permits Code Execution (threatpost.com)

msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up. Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.
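As an added defender-side example, not code from the story or from Nelson's proof of concept, the following PowerShell audit checks the per-user .msc file-association handler that a hijack of the kind described above would have to plant, and optionally removes it. The registry paths, the list of script hosts and the parent-process telemetry hint are assumptions, since the summary does not name them.

```powershell
# Added audit script; not from the Threatpost story or the researchers' PoC.
# Assumption: eventvwr.exe opens its console through the mscfile association,
# and the per-user key under HKCU is consulted before the machine-wide one, so
# a user-writable value there can redirect a high-integrity launch. Check it.
param([switch]$Remediate)

$UserKey    = 'HKCU:\Software\Classes\mscfile\shell\open\command'
$MachineKey = 'HKLM:\Software\Classes\mscfile\shell\open\command'
# Script hosts that have no business being the handler for .msc consoles
$ScriptHostPattern = '(?i)powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32'

function Get-MscHandlerFinding {
    $machineCmd = (Get-ItemProperty -Path $MachineKey -ErrorAction SilentlyContinue).'(default)'
    $userCmd    = (Get-ItemProperty -Path $UserKey    -ErrorAction SilentlyContinue).'(default)'

    if (-not $userCmd) {
        return [pscustomobject]@{ Status = 'Clean'; UserCommand = $null; MachineCommand = $machineCmd }
    }
    # Any per-user override is already worth a look; grade how bad it looks.
    $status = if ($userCmd -match $ScriptHostPattern) { 'Likely-Malicious' }
              elseif ($userCmd -ne $machineCmd)       { 'Suspicious' }
              else                                    { 'Redundant' }
    [pscustomobject]@{ Status = $status; UserCommand = $userCmd; MachineCommand = $machineCmd }
}

$finding = Get-MscHandlerFinding
$finding | Format-List

if ($finding.Status -ne 'Clean') {
    # Point the analyst at the process telemetry that would accompany abuse of this key
    Write-Warning 'Per-user mscfile handler present. Correlate with process creations whose parent is eventvwr.exe and whose image is not mmc.exe.'
    if ($Remediate) {
        # Deleting the whole per-user mscfile class lets the HKLM default apply again
        Remove-Item -Path 'HKCU:\Software\Classes\mscfile' -Recurse -Force
        Write-Output 'Removed per-user mscfile association; machine default applies again.'
    }
}
```

Run it as the logged-on user whose profile you are auditing, because the key lives in that user's hive; the `-Remediate` switch is the only part that changes anything.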

3 of 79 comments

  1. Am I reading this right? by tomhath · Score: 4, Informative

    An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action

    So the attacker already pwns the machine. This is a threat?

  2. UAC has a different goal by Anonymous Coward · Score: 3, Informative

    UAC has a different goal than you think.

    https://channel9.msdn.com/Forums/Coffeehouse/473037-UAC-controversy-the-last-episode/773c9d79f8df4fa8bc489deb00e05c3d

    Its goal is to force us to actually fix our crap. UAC is not a band-aid to fix all security issues. There are many known workarounds to it, including turning it off.

  3. Re:Please... kill UAC. by Anonymous Coward · Score: 2, Informative

    No, it is about forcing developers to stop being fucking lazy C@#nts and demanding admin privileges when they are not necessary. Apps that annoy users with prompts lose users and hence finally fix their shit, which no amount of begging has been able to achieve.