Warning: New UAC vulnerability affects all Windows versions

2 minute read

No operating system is threat-proof and every user knows this. There is an evergoing battle between software companies, on the one hand, and hackers, on the other hand. It appears there are many vulnerabilities hackers can take advantage of, especially when it comes to the Windows OS.

At the beginning of August, we reported about the Windows 10’s SilentCleanup processes which can be used by attackers to allow malware to slip through the UAC gate into users’ computer. According to recent reports, this is not the only vulnerability hiding in Windows’ UAC.

A new UAC bypass with elevated privileges has been detected in all Windows versions. This vulnerability roots in the environment variables of the OS, and allows hackers to control child processes and change environment variables.

How does this new UAC vulnerability work?

For various PC problems, we recommend to use this tool.

This tool will repair most computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Quickly fix PC issues and prevent others from happening with this software:

  1. Download ReimagePlus (100% safe download and endorsed by us).
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues.

An environment is a collection of variables used by processes or users. These variables can be set by users, programs or the Windows OS itself and their main role is to make the Windows processes flexible.

Environment variables set by processes are available to that process and its children. The environment created by process variables is a volatile one, existing only while the process is running, and disappears completely, leaving no trace at all, when the process ends.

There is also a second type of environment variables, which are present across the entire system after every reboot. They can be set in the system properties by administrators, or directly by changing registry values under the Environment key.

Hackers can use these variables to their advantage. They can use a malicious C:/Windows folder copy and trick system variables into using the resources from the malicious folder, allowing them to infect the system with malicious DLLs, and avoid being detected by the system’s antivirus. The worst part is that this behavior remains active after each reboot.

Environment variable expansion in Windows allows an attacker to gather information about a system prior to an attack and eventually take complete and persistent control of the system at the time of choice by running a single user-level command, or alternatively, changing one registry key.

This vector also lets the attacker’s code in the form of a DLL to load into legitimate processes of other vendors or the OS itself and masquerade its actions as the target process’ actions without having to use code injection techniques or use memory manipulations.

Microsoft doesn’t think this vulnerability constitutes a security emergency, but will nevertheless patch it in the future.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend to use this tool.

This tool will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Quickly fix PC issues and prevent others from happening with this software:

  1. Download this PC Repair Tool with Patended Technologies
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues (requires upgrade).