Warning: New UAC vulnerability affects all Windows versions

By: Madeleine Dean

No operating system is threat-proof, and every user knows this. There is an ongoing battle between software companies on the one hand and hackers on the other. It appears there are many vulnerabilities hackers can take advantage of, especially when it comes to the Windows OS.

At the beginning of August, we reported on the Windows 10 SilentCleanup processes, which attackers can use to let malware slip through the UAC gate onto users' computers. According to recent reports, this is not the only vulnerability hiding in Windows' UAC.

A new UAC bypass with elevated privileges has been detected in all Windows versions. The vulnerability is rooted in the environment variables of the OS and allows hackers to control child processes and change environment variables.

How does this new UAC vulnerability work?

An environment is a collection of variables used by processes or users. These variables can be set by users, programs or the Windows OS itself, and their main role is to make Windows processes flexible.

Environment variables set by a process are available to that process and its children. The environment created by process variables is volatile: it exists only while the process is running and disappears completely, leaving no trace at all, when the process ends.

There is also a second type of environment variable, which is present across the entire system after every reboot. These variables can be set in the system properties by administrators, or directly by changing registry values under the Environment key.

Hackers can use these variables to their advantage. They can use a malicious copy of the C:\Windows folder and trick system variables into using the resources from the malicious folder, allowing them to infect the system with malicious DLLs and avoid being detected by the system's antivirus. The worst part is that this behavior remains active after each reboot.

Environment variable expansion in Windows allows an attacker to gather information about a system prior to an attack and eventually take complete and persistent control of the system at a time of their choosing by running a single user-level command or, alternatively, by changing one registry key.

This vector also lets the attacker's code, in the form of a DLL, load into legitimate processes of other vendors or of the OS itself and masquerade its actions as those of the target process, without having to use code injection techniques or memory manipulation.
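Because the persistent variables live in the registry, a defender can look for per-user values that shadow machine-wide ones. The following is an added example, not code from the original article: it parses the text output of `reg query` for `HKCU\Environment` and for the machine-wide `Session Manager\Environment` key. The sample exports, the variable lists and the severity labels are assumptions made for the example.

```python
import re

# Output line of `reg query <key>`: four-space indent, name, type, data.
LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Per-user definitions of these are normal on a default install.
EXPECTED_PER_USER = {"path", "temp", "tmp"}
# Variables that locate the Windows directory (list chosen for this example).
WINDOWS_DIR_VARS = {"windir", "systemroot"}

def parse_reg_query(text):
    """Return {lowercased name: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m["name"].lower()] = m["data"].strip()
    return values

def audit(user_text, machine_text):
    """Flag per-user variables that shadow machine-wide ones."""
    user, machine = parse_reg_query(user_text), parse_reg_query(machine_text)
    findings = []
    for name, data in sorted(user.items()):
        if name in WINDOWS_DIR_VARS:
            findings.append(("high", name, data))      # relocates the Windows dir
        elif name in machine and name not in EXPECTED_PER_USER:
            findings.append(("review", name, data))    # overrides system value
    return findings

# Constructed sample exports, not taken from a real host.
USER_ENV = r"""
HKEY_CURRENT_USER\Environment
    Path    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    windir    REG_SZ    C:\Users\Public\Windows
    OS    REG_SZ    Custom
"""
MACHINE_ENV = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    OS    REG_SZ    Windows_NT
    Path    REG_EXPAND_SZ    %SystemRoot%\system32;%SystemRoot%
    TEMP    REG_EXPAND_SZ    %SystemRoot%\TEMP
    windir    REG_EXPAND_SZ    %SystemRoot%
"""

if __name__ == "__main__":
    for severity, name, data in audit(USER_ENV, MACHINE_ENV):
        print(f"[{severity}] HKCU\\Environment {name} = {data}")
```

On a live host the two inputs would come from `reg query` run against each key; every user hive needs checking, not only the current user's.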

Microsoft doesn’t think this vulnerability constitutes a security emergency, but will nevertheless patch it in the future.
