Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Windows User Account Control Bypassed Using Character Editor to Escalate Privileges

⁨99⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨cm0002@lemmy.world⁩ to ⁨cybersecurity@infosec.pub⁩

https://cybersecuritynews.com/windows-user-account-control-bypassed/

source

Comments

Sort:hotnewtop
  • frongt@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

    Lol “carefully crafted sequence”. This is just like back in early versions of Windows where the login screen let you open a help menu, which let you open a file picker, which let you open any file.

    Windows is a pile of shit stacked way too high.

    source
    • Brkdncr@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

      Brah, other OS’s are full of holes too.

      source
      • wischi@programming.dev ⁨3⁩ ⁨weeks⁩ ago

        Whataboutism

        source
        • -> View More Comments
      • aeternum@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago

        tbh, there’s no decent OS. They all have issues.

        source
        • -> View More Comments
    • Alph4d0g@discuss.tchncs.de ⁨3⁩ ⁨weeks⁩ ago

      That sounds dangerous. I’ll keep my distance lest that pile topples.

      source
  • PleaseLetMeOut@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago

    TIL that ResHacking a manifest is “sophisticated” lol

    source
    • ChaosMonkey@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago

      This I’d not necessary for the attack. It was used to illustrate the vulnerable app manifest configuration.

      source
      • PleaseLetMeOut@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago

        Oh, I assumed they edited the manifest to enable the flags. Nvm then.

        source
        • -> View More Comments
    • 9point6@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

      They don’t edit the manifest at all?

      source
  • mvirts@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

    Lol I never knew Microsoft considers uac a convince feature not a security boundary

    source
    • ramble81@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago

      Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.

      source
      • Nighed@feddit.uk ⁨3⁩ ⁨weeks⁩ ago

        It has some level of additional security I think? some remote access apps have issues with them.

        source
        • -> View More Comments
    • SanctimoniousApe@lemmings.world ⁨3⁩ ⁨weeks⁩ ago

      Then you never thought about it - at least not in relation to who was responsible for it. I mean… because who would think that but Microsoft?

      source
  • pyre@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

    Jesus Christ. that’s like the lock to your front door asking potential intruders to say “I’d like to enter please” to automatically unlock itself

    source