Novel Exploit Chain Enables Windows UAC Bypass (www.darkreading.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 28 Sep 2024 15:50
https://sh.itjust.works/post/25875140

#cybersecurity

threaded - newest

wizardbeard@lemmy.dbzer0.com on 28 Sep 2024 17:44 collapse

Saved you a click: Exploit requires attacker to already have an account in the local administrators group, and appears to only allow local admin privileges anyway.

You can remap the C:\ drive (including the OS files in system and windows folders) to a location you already control, with exploited system files and dlls, rather than having to go through UAC and confirm you want to use admin privileges to replace them in-situ.

Microsoft doesn’t consider this an actual vuln because local admins are already defacto trusted and able to use their admin status to do all this anyway. They could just disable UAC locally anyway.