Free Republic
Browse · Search
General/Chat
Topics · Post Article


Windows 10 UAC Bypass Uses Backup and Restore Utility
Bleeping Computer ^ | March 16, 2017 | Catalin Cimpanu

Posted on 03/17/2017 9:40:33 PM PDT by Dalberg-Acton

A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning.

The technique revolves around the notion of "auto-elevation," which is a state that Microsoft assigns to various trusted binaries.

For example, the Task Manager binary is an auto-elevated file because it's created and digitally signed by Microsoft, and is also housed in a trusted file location, under C:\Windows\system32.

This means that despite the UAC security level, launching Task Manager doesn't show a UAC window. Similarly, there are tens of other binaries that feature Auto-Elevation settings in their manifest files.

(Excerpt) Read more at bleepingcomputer.com ...


TOPICS: Computers/Internet
KEYWORDS: microsoft; windows; windows10; windowspinglist

1 posted on 03/17/2017 9:40:33 PM PDT by Dalberg-Acton

To: dayglored

Ping to dayglored


2 posted on 03/17/2017 9:42:20 PM PDT by Dalberg-Acton

To: Dalberg-Acton
This particular technique can be remediated or fixed by setting the UAC level to “Always Notify” or by removing the current user from the Local Administrators group.

How to set the UAC level:

https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html

3 posted on 03/17/2017 10:15:00 PM PDT by TChad (Propagandists should not be treated like journalists.)
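Added example, not part of the thread or the linked article: a PowerShell audit of the two mitigations named in post 3, reporting the effective UAC slider level and whether the current user belongs to the local Administrators group. The function names are hypothetical; the registry value names and the group SID are the standard Windows ones.

```powershell
# Added example (not from the thread). Function names are hypothetical.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Map the UAC policy values to the four slider positions in Control Panel.
    $p = Get-ItemProperty -Path $policyKey
    if ($p.EnableLUA -eq 0) { return 'Disabled' }
    $consent = $p.ConsentPromptBehaviorAdmin
    $secure  = $p.PromptOnSecureDesktop
    switch ("$consent/$secure") {
        '2/1'   { 'AlwaysNotify' }            # top of the slider
        '5/1'   { 'Default' }                 # auto-elevation allowed
        '5/0'   { 'DefaultNoSecureDesktop' }  # auto-elevation allowed
        '0/0'   { 'NeverNotify' }
        default { "Custom ($consent/$secure)" }
    }
}

function Test-LocalAdminMember {
    # whoami lists deny-only groups too, so a split-token administrator is
    # still detected from a non-elevated session. /nh drops the localized
    # header row; the column names below are supplied by this script.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

function Test-UacMitigation {
    $level = Get-UacLevel
    $admin = Test-LocalAdminMember
    [pscustomobject]@{
        UacLevel              = $level
        InLocalAdministrators = $admin
        # Per post 3: either condition alone remediates this technique.
        Mitigated             = ($level -eq 'AlwaysNotify') -or (-not $admin)
    }
}

Test-UacMitigation | Format-List
```

Run it from a normal, non-elevated PowerShell session as the user being assessed.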

To: Dalberg-Acton

The CIA is starting to get really pissed about people exposing the methods they use to bypass Windows security. With the loss of this tool they’re now down to ~13,700 remaining hacks.


4 posted on 03/18/2017 12:42:26 AM PDT by Garth Tater (What's mine is mine.)

To: Dalberg-Acton

please add me to your ping list please


5 posted on 03/18/2017 2:12:28 AM PDT by AbolishCSEU (Amount of CS paid is inversely proportionate to Mother's actual parenting of children she probably w)

To: AbolishCSEU; dayglored

Ping to dayglored, the keeper of the Windows list.


6 posted on 03/18/2017 7:41:38 AM PDT by Dalberg-Acton

To: Dalberg-Acton; AbolishCSEU; LucyT; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; ..
Windows 10 UAC security bypass vuln ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to Dalberg-Acton for the ping!!

AbolishCSEU, LucyT: adding you to the list today. Welcome!

7 posted on 03/18/2017 8:13:24 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Dalberg-Acton
Thanks for posting. From the article:

Another reason to stay with Windows 7.
8 posted on 03/18/2017 8:55:54 AM PDT by upchuck (U have not lived today until u have done something for someone who can never repay u ~ John Bunyan)

To: upchuck
Another reason to stay with Windows 7.

Just re-installed Windows 7 for a friend after her 5-year-old previous installation began to complain at startup. Chrome acted odd in the beginning, but is now working perfectly after hundreds of updates.

9 posted on 03/18/2017 9:01:29 AM PDT by Stentor (A day without illegals is like a day without food poisoning.--Salamander)

To: Stentor

In my experience, Windows needs to be re-installed from scratch occasionally. It makes a huge difference in the performance.


10 posted on 03/18/2017 10:28:42 AM PDT by Dalberg-Acton

To: Dalberg-Acton

What a joke.


11 posted on 03/18/2017 11:46:16 AM PDT by Ray76 (DRAIN THE SWAMP)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
