• Windows 11 25H2 introduces Administrator Protection, replacing UAC with a stricter privilege model. • Feature grants admin rights only when necessary, isolating limited and admin processes. • Security researcher uncovered nine vulnerabilities bypassing protection, enabling silent admin escalation. • Microsoft patched all issues before official release and in subsequent bulletins. • As of Dec 1 2025, Administrator Protection is disabled pending compatibility fixes. • The feature addresses UAC’s shared profile flaw, preventing silent privilege escalation.
Article Summaries:
- Microsoft’s latest Windows 11 25H2 release introduced “Administrator Protection,” a replacement for User Account Control (UAC) designed to enforce a stricter, securable boundary for temporary admin access. Security researchers examined the feature in insider preview builds and uncovered nine distinct bypasses that could silently grant full administrator rights. Microsoft addressed all reported flaws before the official launch (via KB5067036 and subsequent bulletins). As of December 1 2025, the feature has been disabled pending an application‑compatibility fix, though the underlying analysis remains unchanged.
Sources: