You are viewing a single comment's thread from:

RE: UAC Bypassing Utility

in #utopian-io7 years ago

This is very educational and can help to teach people about information security so thanks for sharing.

I agree that technology is neutral and can be used for good or evil. A larger question is why doesn't Micro$oft fix their UAC vulnerability so their UAC technology protects all users? There must be a way to fix this on their side?

AW20i-mCIAAQA7Z.jpg

Sort:  

Well the vulnerability isn't microsoft specific, at least DLL hijacking. DLL hijacking can be a vulnerability in any application! As for the elevated IFileOperation, which can copy files to System32 (which only admin users should be able to do), it is microsoft related, so they should fix that. And in this case the DLL hijacking vulnerability is present in a default microsoft application, so they should fix that too.
Also I didn't note in this post that this should only work with an administrator user's account.
So if a normal user logs in they need the admin account's password to deal with the UAC prompt. In this case the vulns are still present, but AutoElevate doesn't kick in for a regular user (most home PCs are running under an administrator account).
Also my conspiracy theory is that microsoft doesn't patch these below Win10 to attract more users from Win7, 8, 8.1 to the new Win10. But this is only a theory since I don't know how to the tool performs on a Win10 system!
And yes this can be fixed on their side, most easily by specifying the absolute path of the DLL they can fix the DLL hijacking vulnerability. If any of the vulnerabilities used in the tool are fixed, then the tool just won't work.
I hope this answers some of your questions!

Thanks for detailed explanation, this is good stuff thanks for your contribution.