• In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didnât exist. • I described one of the ways I was able to bypass the feature before it was released. • In total I found 9 bypasses during my research that have now all been fixed. • In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC thatâs been under-appreciated, and how itâs being fixed now. • A Question of Accessibility Prior to Windows Vista any process running on a userâs desktop could control any window created by another, such as by sending window messages. • This behavior could be abused if a privileged user, such as SYSTEM, displayed a user interface on the desktop.
Article Summaries:
- In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didnât exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC thatâs been under-appreciated, and how itâs being fixed now. A Question of Accessibility Prior to Wind
Sources: