Security flaw in Windows 10 UAC can change your system files and settings

By: Jay Decenella

While User Account Control (UAC) for Windows 10 is designed with security in mind, a new UAC bypass technique discovered by security researcher Matt Nelson renders the security measure useless. The hack relies on modifying app paths in the Windows registry and manipulating the Backup and Restore utility to load malicious code into the system.

How it works

The bypass strategy takes advantage of the auto-elevation status that Windows assigns to trusted binaries, which are created and digitally signed by Microsoft. That means these trusted binaries don’t display a UAC prompt when launched, despite the security level. Nelson further explained in his blog:

While searching for more of these auto-elevating binaries by using the SysInternals tool “sigcheck”, I came across “sdclt.exe” and verified that it auto-elevates due to its manifest.

When observing the execution flow of sdclt.exe, it becomes apparent that this binary starts control.exe in order to open up a Control Panel item in high-integrity context.

The sdclt.exe binary is the built-in Backup and Restore utility that Microsoft introduced with Windows 7. Nelson explained that the sdclt.exe file uses the Control Panel binary to load the Backup and Restore settings page when a user opens the utility.

However, before it loads control.exe, sdclt.exe queries the local Windows Registry to obtain control.exe’s app path. The researcher points out that this poses a problem, because users with a low privilege level can still modify registry keys. More to the point, attackers can alter this registry key and point it to malware. Windows would then trust the app and suppress UAC prompts, since sdclt.exe is auto-elevated.

It is worth pointing out that the bypass technique applies only to Windows 10. Nelson even tested the hack on Windows 10 build 15031. To address the security flaw, the researcher recommends that users set the UAC level to “Always Notify” or remove the current user from the Local Administrators group.
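
Defenders can watch for both halves of the behaviour described above: a write to the current user's app path entry for control.exe, and sdclt.exe starting a high-integrity child that is not the system control.exe. The following is an added example, not code from Nelson's blog or from this article. It assumes the standard per-user App Paths registry location (the article does not spell out the key), Sysmon's event IDs and field names, a C:\Windows install, and constructed sample events; the child-process rule is a heuristic.

```python
import re

# Assumption: the per-user App Paths key, as Sysmon renders it (HKU\<SID>\...).
APP_PATH_KEY = re.compile(
    r"^HKU\\S-[\d-]+\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\App Paths\\control\.exe(\\|$)", re.IGNORECASE)
# Assumption: Windows is installed in C:\Windows.
SYSTEM_CONTROL = r"c:\windows\system32\control.exe"

def check_event(ev):
    """Return a finding string for one Sysmon-style event dict, else None."""
    eid = ev.get("EventID")
    # Rule 1: key created (12) or value set (13) under a user's App Paths\control.exe.
    if eid in (12, 13) and APP_PATH_KEY.match(ev.get("TargetObject", "")):
        return "app-path-override: " + ev.get("Details", "(key created)")
    # Rule 2: sdclt.exe starts a high-integrity child that is not the system control.exe.
    if (eid == 1
            and ev.get("ParentImage", "").lower().endswith("\\sdclt.exe")
            and ev.get("IntegrityLevel") == "High"
            and ev.get("Image", "").lower() != SYSTEM_CONTROL):
        return "unexpected-sdclt-child: " + ev.get("Image", "")
    return None

def scan(events):
    """Return (index, finding) pairs for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        finding = check_event(ev)
        if finding:
            hits.append((i, finding))
    return hits

_HIVE = r"HKU\S-1-5-21-1111-2222-3333-1001"  # constructed SID
SAMPLE_EVENTS = [  # constructed for illustration, not captured from a real host
    {"EventID": 13, "Details": r"C:\Users\Public\example.exe", "TargetObject":
     _HIVE + r"\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe\(Default)"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\sdclt.exe",
     "Image": r"C:\Users\Public\example.exe", "IntegrityLevel": "High"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\sdclt.exe",
     "Image": r"C:\Windows\System32\control.exe", "IntegrityLevel": "High"},
    {"EventID": 13, "Details": r"C:\Windows\System32\control.exe", "TargetObject":
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\control.exe\(Default)"},
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_EVENTS):
        print(index, finding)
```

The machine-wide (HKLM) entry in the last sample event is not flagged, because writing it already requires administrative rights.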
