Slashdot Mirror


Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)

An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.
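An added defender-side example, not from the article or the researcher's proof of concept: a PowerShell audit of the per-user App Paths registry key (assumed here to be the kind of "app path" the summary refers to), which lists every entry a standard user could have rewritten and flags any whose target lies outside the Windows or Program Files trees.

```powershell
# Audit example added here; it is not the article's or the PoC author's code.
# Assumption: the per-user App Paths key is the registry location of interest.
# Entries under HKCU are writable by the user, so a target that resolves to a
# user-controlled directory is a hijack candidate worth reviewing.
$AppPaths = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths'
$Trusted  = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
            Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

if (-not (Test-Path $AppPaths)) {
    Write-Output "No per-user App Paths key present: nothing to audit."
    return
}

Get-ChildItem $AppPaths | ForEach-Object {
    $key    = $_
    $props  = Get-ItemProperty -Path $key.PSPath
    $target = $props.'(default)'
    # Expand %VAR% references and strip surrounding quotes before comparing.
    $target = if ($target) {
        [Environment]::ExpandEnvironmentVariables($target).Trim('"')
    } else { '' }
    $inTrusted = $Trusted | Where-Object { $target.StartsWith($_, 'OrdinalIgnoreCase') }
    [pscustomobject]@{
        Entry      = $key.PSChildName
        Target     = $target
        Exists     = [bool]($target -and (Test-Path -LiteralPath $target))
        Suspicious = (-not $inTrusted)   # points at a user-writable location
    }
} | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in the context of the user being checked; anything marked Suspicious should be compared against what the user actually installed, since legitimate per-user installers also register entries here.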

3 of 58 comments

  1. Auto Elevation by ssufficool · · Score: 2

    Problem 1: Why would you use the registry to find an app path? What happened to using the system environment path which is already secured? Registry. Pshhh!

    Problem 2: Auto Elevation. Microsoft introduces UAC. People get annoyed with it. Microsoft introduces Auto Elevation. Guess what, still annoying and now possible security hole.

    I am fine if Windows asks me to enter a user and password to elevate. It works on my *cough* Linux desktop. Annoying? Yes. Secure? More so. But really, how often does one use admin functions?

    1. Re:Auto Elevation by cdsparrow · · Score: 2

      Well, if it is set to backup every night, then you'd have to do it then. But yeah, kinda stupid overall.

      Easy fix, set perms on that reg entry so you need rights to change it...

  2. Microsoft Botnet DOS Attack in Progress by TheRealHocusLocus · · Score: 3, Funny

    "You walked away from your machine for ten minutes, ha ha!"
    "Windows 10 is updating whether you (the fuck) like it or not."
    "This should take a minute (or 20) (or 30)"
    "Do not ask why replacing a few signed components takes so long"
    "Do not turn off your computer"

    Glad I also have an old ATM running XP SP3 to use.

    --
    <blink>down the rabbit hole</blink>