2017-03-17
Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)
An anonymous reader writes: "A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning," reports BleepingComputer. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware. Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10 (not earlier OS versions) and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.
"Made me scroll forever!"
What, is your screen resolution 160x120?
Auto Elevation
Problem 1: Why would you use the registry to find an app path? What happened to using the system environment path which is already secured? Registry. Pshhh!
Problem 2: Auto Elevation. Microsoft introduces UAC. People get annoyed with it. Microsoft introduces Auto Elevation. Guess what, still annoying and now possible security hole.
I am fine if Windows asks me to enter a user and password to elevate. It works on my *cough* Linux desktop. Annoying? Yes. Secure? More so. But really, how often does one use admin
What happened to using the system environment path which is already secured?
Where do you think the system environment path comes from? Why would you include a feature that isn't necessary either for system operation or system security?
Auto Elevation. Microsoft introduces UAC. People get annoyed with it. Microsoft introduces Auto Elevation. Guess what, still annoying and now possible security hole.
It's heartbreaking that Microsoft doesn't have security architects capable of guiding a redesign of their platform to reflect current OS security theory and practices.
I am fine if Windows asks me to enter a user and password to elevate. It works on my *cough* Linux desktop. Annoying? Yes. Secure? More so.
It's also considered a backward practice. Modern authentication systems should not require a "hackable" password. Also, any system administrator using a GUI interface that relies on xwi
Well, if it is set to backup every night, then you'd have to do it then. But yeah, kinda stupid overall.
Easy fix, set perms on that reg entry so you need rights to change it...
The way Windows handles stuff I need/user admin features daily. I routinely change my IP address on my interface to work with various systems. I use the task manager to diagnose issues with a system. There are others, but every time I go into the network interface it prompts for the password, I leave the interface for and then go right back into it, I type the password. I understand what the UAC was supposed to accomplish, but in the end it's another layer upon layer of stuff Microsoft has added to attemp
"The problem is that low-privileged users can modify Windows Registry values and point to malware."
Back when I was a little boy (Windows User/Admin) you couldn't make changes to the registry as a non-privileged user. Did this actually change? Is it really possible for a low privileged user to modify the registry? Because if so then Windows is beyond fucked in the security department (even more than we all knew they are fscked.)
Back when I was a little boy (Windows User/Admin) you couldn't make changes to the registry as a non-privileged user. Did this actually change? Is it really possible for a low privileged user to modify the registry?
It doesn't appear so. I just made a non-privileged user account to see if I could modify the registry. Every time it asked for elevated access and the administrator password. Using their proof-of-concept script, I can't get it to do anything either. Regedit always asks for admin privileges and an administrator password. It appears that this only works if you're using a lower setting of the UAC, have it turned off, or have the notifications disabled for it.
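Two of the threads above come down to checkable facts on a given machine: the comment suggesting "set perms on that reg entry" and the last comment observing that the bypass depends on the UAC level. The following PowerShell is an added example written for this discussion; it is not the researcher's proof-of-concept, nor code from BleepingComputer or any commenter. It reads the UAC policy values that decide whether a signed Windows binary can elevate silently, and audits whether a registry key grants write access to any principal other than Administrators, SYSTEM or TrustedInstaller. The registry key paths passed to the audit are placeholders (the article does not name the key the bypass uses), and the function and variable names are this example's own.

```powershell
# Added example, not from the article or the comments. Defender-side audit of
# (1) UAC policy and (2) who may write to a registry key a trusted app reads.

function Get-UacPolicyState {
    # These value names and meanings are documented Windows policy settings.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $policyKey -ErrorAction Stop

    # ConsentPromptBehaviorAdmin:
    #   0 = elevate without prompting
    #   1 = prompt for credentials on the secure desktop
    #   2 = prompt for consent on the secure desktop ("Always notify")
    #   3 = prompt for credentials
    #   4 = prompt for consent
    #   5 = prompt for consent for non-Windows binaries (default; signed
    #       Windows binaries marked for auto-elevation get no prompt)
    $behavior = [int]$p.ConsentPromptBehaviorAdmin
    $enabled  = [int]$p.EnableLUA -eq 1

    [pscustomobject]@{
        UacEnabled                 = $enabled
        ConsentPromptBehaviorAdmin = $behavior
        PromptOnSecureDesktop      = ([int]$p.PromptOnSecureDesktop -eq 1)
        # Auto-elevation of trusted Windows binaries is only possible when UAC is
        # on and the admin prompt level is below "Always notify" (2).
        AutoElevationPossible      = ($enabled -and $behavior -ne 2)
    }
}

function Test-RegistryKeyWritableByNonAdmin {
    param([Parameter(Mandatory)][string]$Path)

    # Principals expected to hold write rights on keys a trusted app consults.
    $trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                 'NT SERVICE\TrustedInstaller')

    # Any of these rights lets a principal change what the key points to.
    $writeMask = [int]([System.Security.AccessControl.RegistryRights]::SetValue -bor
                       [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
                       [System.Security.AccessControl.RegistryRights]::WriteKey -bor
                       [System.Security.AccessControl.RegistryRights]::FullControl)

    $acl = Get-Acl -Path $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.RegistryRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Key      = $Path
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.RegistryRights
            }
        }
    }
}

function Invoke-UacHijackAudit {
    param([string[]]$KeyPaths)

    Get-UacPolicyState | Format-List

    foreach ($key in $KeyPaths) {
        if (-not (Test-Path -Path $key)) {
            Write-Warning "Key not present: $key"
            continue
        }
        $findings = @(Test-RegistryKeyWritableByNonAdmin -Path $key)
        if ($findings.Count -eq 0) {
            Write-Output "OK: only Administrators/SYSTEM/TrustedInstaller can write $key"
        } else {
            $findings | Format-Table -AutoSize
        }
    }
}

# Usage. The key path is a placeholder; replace it with the keys you want checked.
Invoke-UacHijackAudit -KeyPaths @('HKLM:\SOFTWARE\PLACEHOLDER\KeyReadByTrustedApp')
```

Keys under HKCU are writable by the logged-on user by design, so the ACL check will always report that user for them; the useful question the audit answers is whether a key that an auto-elevating binary reads sits somewhere a standard user can write. Tightening the ACL, as the comment proposes, only helps for keys under HKLM; for per-user keys the fix lies with the application not trusting them. The policy check also explains the last commenter's result: with ConsentPromptBehaviorAdmin at 2 ("Always notify") every elevation prompts and silent auto-elevation does not occur.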