The User Account Control (UAC) feature on Windows seems like a good idea: it helps people keep their computers safe by preventing the installation of unwanted software that might prove dangerous for the machine. However, many have discovered ways to get around it, and so the need for a new UAC appeared. Not only could people run commands on a Windows computer without the owner’s permission, they could do so without leaving any traces behind.
Matt Nelson and Matt Graeber, who work as security researchers at Microsoft, discovered this breach in turn and decided to develop a new exploit. They tested it on both Windows 7 and Windows 10, but they claim that the technique can be used to breach security on any version of Windows that runs UAC.
Even though an attacker must already have access to a computer before using the technique, it is still not safe to leave things as they are. Nelson explains that an attack would allow an admin to run code in a context without needing the approval of the user, thus removing the restrictions imposed on any attacker by the local administrator.
To protect our data and our computers, Nelson says we can set UAC to “Always Notify” or remove other users from the local administrators group. There are also other methods and signatures you can use to look for, and get an alert on, new registry entries in HKCU\Software\Classes\.
Moreover, Nelson warned that this technique differs from the others that were public until now for a couple of reasons: it doesn’t involve dropping a regular file on the file system, and it needs neither process injection nor a privileged file copy, all of which makes it more dangerous for Windows users.
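The registry alerting mentioned above can be sketched as follows. This is an added example, not code from the researchers or from Microsoft. It assumes registry-audit events are already available as records with hypothetical `action`, `key` and `process` fields, and that a baseline of expected subkeys exists for the host.

```python
import re

# HKCU\Software\Classes is the per-user classes hive; telemetry may report the
# same key as HKU\<SID>\Software\Classes\... or as HKU\<SID>_Classes\...
USER_CLASSES = re.compile(
    r"^(?:(?:HKCU|HKEY_CURRENT_USER)\\Software\\Classes"
    r"|(?:HKU|HKEY_USERS)\\S-1-5-21-[0-9-]+(?:\\Software\\Classes|_Classes))"
    r"(?:\\(?P<subkey>.+))?$",
    re.IGNORECASE,
)

def user_class_subkey(path):
    """Return the lower-cased subkey under the per-user Classes root, else None."""
    m = USER_CLASSES.match(path.strip())
    return (m.group("subkey") or "").lower() if m else None

def new_class_key_alerts(events, baseline):
    """Alert on key creations or value writes under per-user Classes that are
    not covered by the baseline of subkeys already known for this host."""
    known = {k.lower() for k in baseline}
    alerts = []
    for ev in events:
        if ev["action"] not in ("CreateKey", "SetValue"):
            continue
        subkey = user_class_subkey(ev["key"])
        if not subkey:  # outside the hive, or the hive root itself
            continue
        if any(subkey == k or subkey.startswith(k + "\\") for k in known):
            continue
        alerts.append({"subkey": subkey, "process": ev["process"]})
    return alerts

# Constructed sample data: the SID, key names and process paths are made up.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
BASELINE = [".txt", "Local Settings"]  # hypothetical known-good subkeys
SAMPLE_EVENTS = [
    {"action": "SetValue", "process": r"C:\Users\alice\Downloads\tool.exe",
     "key": r"HKU\%s_Classes\Example.Handler\DefaultIcon" % SID},
    {"action": "CreateKey", "process": r"C:\Windows\explorer.exe",
     "key": r"HKU\%s\Software\Classes\.txt\OpenWithProgids" % SID},
    {"action": "SetValue", "process": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\SOFTWARE\Classes\Example.Handler"},
    {"action": "DeleteValue", "process": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Classes\Other.Handler"},
    {"action": "CreateKey", "process": r"C:\Users\alice\Downloads\tool.exe",
     "key": r"HKEY_CURRENT_USER\Software\Classes\Other.Handler"},
]
```

Calling `new_class_key_alerts(SAMPLE_EVENTS, BASELINE)` flags only the two writes outside the baseline, whichever spelling of the per-user hive path the event source used.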