Warning: New UAC vulnerability affects all Windows versions

By: Madeleine Dean
2 minute read

No operating system is threat-proof and every user knows this. There is an evergoing battle between software companies, on the one hand, and hackers, on the other hand. It appears there are many vulnerabilities hackers can take advantage of, especially when it comes to the Windows OS.

At the beginning of August, we reported about the Windows 10’s SilentCleanup processes which can be used by attackers to allow malware to slip through the UAC gate into users’ computer. According to recent reports, this is not the only vulnerability hiding in Windows’ UAC.

A new UAC bypass with elevated privileges has been detected in all Windows versions. This vulnerability roots in the environment variables of the OS, and allows hackers to control child processes and change environment variables.

How does this new UAC vulnerability work?

For various PC problems, we recommend to use this tool.

This tool will repair most computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Quickly fix PC issues and prevent others from happening with this software:

  1. Download ReimagePlus (100% safe download and endorsed by us).
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues.

An environment is a collection of variables used by processes or users. These variables can be set by users, programs or the Windows OS itself and their main role is to make the Windows processes flexible.

Environment variables set by processes are available to that process and its children. The environment created by process variables is a volatile one, existing only while the process is running, and disappears completely, leaving no trace at all, when the process ends.

There is also a second type of environment variables, which are present across the entire system after every reboot. They can be set in the system properties by administrators, or directly by changing registry values under the Environment key.

Hackers can use these variables to their advantage. They can use a malicious C:/Windows folder copy and trick system variables into using the resources from the malicious folder, allowing them to infect the system with malicious DLLs, and avoid being detected by the system’s antivirus. The worst part is that this behavior remains active after each reboot.

Environment variable expansion in Windows allows an attacker to gather information about a system prior to an attack and eventually take complete and persistent control of the system at the time of choice by running a single user-level command, or alternatively, changing one registry key.

This vector also lets the attacker’s code in the form of a DLL to load into legitimate processes of other vendors or the OS itself and masquerade its actions as the target process’ actions without having to use code injection techniques or use memory manipulations.

Microsoft doesn’t think this vulnerability constitutes a security emergency, but will nevertheless patch it in the future.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions