TIL that ResHacking a manifest is “sophisticated” lol
Windows User Account Control Bypassed Using Character Editor to Escalate Privileges
Submitted 2 days ago by cm0002@lemmy.world to cybersecurity@infosec.pub
https://cybersecuritynews.com/windows-user-account-control-bypassed/
Comments
PleaseLetMeOut@lemmy.dbzer0.com 2 days ago
ChaosMonkey@lemmy.dbzer0.com 1 day ago
This I’d not necessary for the attack. It was used to illustrate the vulnerable app manifest configuration.
PleaseLetMeOut@lemmy.dbzer0.com 1 day ago
Oh, I assumed they edited the manifest to enable the flags. Nvm then.
9point6@lemmy.world 1 day ago
They don’t edit the manifest at all?
mvirts@lemmy.world 2 days ago
Lol I never knew Microsoft considers uac a convince feature not a security boundary
ramble81@lemmy.zip 1 day ago
Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.
Nighed@feddit.uk 1 day ago
It has some level of additional security I think? some remote access apps have issues with them.
SanctimoniousApe@lemmings.world 2 days ago
Then you never thought about it - at least not in relation to who was responsible for it. I mean… because who would think that but Microsoft?
pyre@lemmy.world 1 day ago
Jesus Christ. that’s like the lock to your front door asking potential intruders to say “I’d like to enter please” to automatically unlock itself
frongt@lemmy.zip 2 days ago
Lol “carefully crafted sequence”. This is just like back in early versions of Windows where the login screen let you open a help menu, which let you open a file picker, which let you open any file.
Windows is a pile of shit stacked way too high.
Brkdncr@lemmy.world 1 day ago
Brah, other OS’s are full of holes too.
wischi@programming.dev 1 day ago
Whataboutism
aeternum@lemmy.blahaj.zone 1 day ago
tbh, there’s no decent OS. They all have issues.
Alph4d0g@discuss.tchncs.de 1 day ago
That sounds dangerous. I’ll keep my distance lest that pile topples.