
Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware


WALLONN7


Security researcher finds way to bypass Windows UAC


User Account Control (UAC) is a Windows feature meant to add a protection layer to Microsoft's operating system: a process that wants to modify system files or settings must first obtain administrator privileges, which by default means the user sees a consent prompt before the process receives a full administrator token.

 

Although it was built for that purpose, UAC can easily become a double-edged sword: a bypass lets code that is already running with standard-user rights elevate silently, making the prompt useless and allowing cybercriminals to deploy malware on the system with administrator rights.

Security researcher Matt Nelson recently published a new way to bypass UAC, and it comes down to the Backup and Restore tool that has shipped with Windows since Vista. Specifically, Nelson explains that UAC can be bypassed by adding a registry entry for the path that the Backup and Restore utility (whose process is sdclt.exe) uses to find a helper program.

Nelson explains in his research that whenever Backup and Restore is launched, sdclt.exe hands off to another process, control.exe (the Control Panel), to display the user interface. Backup and Restore is integrated into the Control Panel, so sdclt.exe has to issue a launch command for control.exe.

To find control.exe, sdclt.exe consults the Windows Registry and looks up the path under HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe, which is in the current user's hive rather than the machine-wide HKLM hive.

 

How to block the bypass

 

Nelson explains that administrator privileges are not needed to create or modify this registry entry, because it lives in the user's own hive. Malware running with standard-user rights under an account that belongs to the local Administrators group (the normal, non-elevated state of an administrator's session) can therefore point the entry at its own executable and then start the Backup and Restore tool. Because sdclt.exe is a Microsoft-signed binary flagged for automatic elevation, it starts with full administrator rights without any prompt at the default UAC level, and the executable it launches through the hijacked path inherits those rights.
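The following audit script is added here as an example and is not code from the article or from Nelson's research. It reads the per-user App Paths entry described above and reports whether it points anywhere other than the system control.exe. It assumes that this key is absent under HKCU on a clean Windows 10 install (so its mere presence is worth a look) and that the entry's default value is the command sdclt.exe launches; the -Remediate switch is a name chosen for this example.

```powershell
# Audit the per-user App Paths entry consulted by sdclt.exe (added example, not
# from the article). Assumption: on a clean install this key does not exist under
# HKCU, so its presence is suspicious until explained; -Remediate is a name chosen here.
param([switch]$Remediate)

$HijackKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe'
$ExpectedExe = Join-Path $env:SystemRoot 'System32\control.exe'

function Test-SdcltAppPathHijack {
    if (-not (Test-Path -LiteralPath $HijackKey)) {
        return [pscustomobject]@{ Present = $false; Target = $null; Suspicious = $false }
    }
    # The key's default value is the command line that will run with the elevated token.
    $target = (Get-ItemProperty -LiteralPath $HijackKey).'(default)'
    $suspicious = $true
    if ($target) {
        # Separate the executable from any arguments, honouring a quoted path.
        if ($target -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($target -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        try {
            if ([IO.Path]::GetFullPath($exe) -ieq $ExpectedExe) { $suspicious = $false }
        } catch { }   # an unparsable path stays flagged
    }
    [pscustomobject]@{ Present = $true; Target = $target; Suspicious = $suspicious }
}

$result = Test-SdcltAppPathHijack
$result | Format-List

if ($result.Present -and $Remediate) {
    # Deleting the key needs only the user's own rights, since it lives in HKCU;
    # sdclt.exe then falls back to its normal lookup of control.exe.
    Remove-Item -LiteralPath $HijackKey -Recurse -Force
    Write-Host "Removed $HijackKey"
}
```

Run it as the user whose hive you want to inspect (the key is per-user, so checking it from a different account or from an elevated session with a different profile loaded finds nothing). A Present=True result with a target that is not the system control.exe is the state the bypass relies on and should be treated as an indicator, not merely cleaned up.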

The researcher goes on to note that blocking this bypass is not difficult: either set the UAC level to "Always Notify", which disables automatic elevation and prompts for every elevation request, or simply remove the user from the local Administrators group, so that there is no administrator token for sdclt.exe to elevate to.
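The script below is an added example, not code from the article, that checks the two mitigations just described. It reads the documented UAC policy values, reports whether the current user is a direct member of the local Administrators group, and with -Enforce (a switch name chosen here) raises UAC to "Always Notify". It assumes only the three policy values shown matter for the level and that nested group membership can be ignored; -Enforce must be run from an elevated prompt because it writes to HKLM.

```powershell
# Report the UAC posture and, with -Enforce, raise it to "Always Notify"
# (added example, not from the article; run elevated for -Enforce).
# Assumption: only the three documented policy values below are considered,
# and group membership is checked for direct members of Administrators only.
param([switch]$Enforce)

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPosture {
    $p = Get-ItemProperty -LiteralPath $PolicyKey
    # ConsentPromptBehaviorAdmin: 2 = prompt for consent (Always Notify),
    # 5 = prompt only when a non-Windows binary asks to elevate (Windows 10 default),
    # 0 = elevate silently. PromptOnSecureDesktop: 1 = show the prompt on the secure desktop.
    $level = switch ("$($p.ConsentPromptBehaviorAdmin)/$($p.PromptOnSecureDesktop)") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Default (notify only for non-Windows binaries)' }
        '5/0'   { 'Notify only for non-Windows binaries, without the secure desktop' }
        '0/0'   { 'Never notify' }
        default { 'Non-standard combination' }
    }
    if ($p.EnableLUA -eq 0) { $level = 'UAC disabled (EnableLUA=0)' }

    # Direct membership of BUILTIN\Administrators (SID S-1-5-32-544) for the current user.
    $mySid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $isLocalAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
                           Where-Object { $_.SID.Value -eq $mySid })

    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Level                      = $level
        UserInLocalAdministrators  = $isLocalAdmin
        # The sdclt.exe technique needs an administrator token to elevate; a user who is
        # not in Administrators would simply get a credential prompt.
        ExposedToAutoElevateBypass = ($isLocalAdmin -and $p.EnableLUA -ne 0 -and $p.ConsentPromptBehaviorAdmin -ne 2)
    }
}

Get-UacPosture | Format-List

if ($Enforce) {
    # "Always Notify": consent prompt on the secure desktop for every elevation,
    # including auto-elevating Microsoft binaries such as sdclt.exe.
    Set-ItemProperty -LiteralPath $PolicyKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -LiteralPath $PolicyKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -LiteralPath $PolicyKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Write-Host 'UAC set to Always Notify (a change to EnableLUA takes effect after reboot).'
}
```

ExposedToAutoElevateBypass is the combination the article's bypass needs: UAC on, the user holding an administrator token, and a level below "Always Notify" so that auto-elevating binaries run without a prompt. On a domain-joined machine these values may be set by Group Policy, in which case the -Enforce writes are overwritten at the next policy refresh and the change belongs in the GPO instead.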

What is important to know is that this bypass only works on Windows 10. Nelson says he tested it on Windows 10 build 15031, which already includes most of the fixes for earlier UAC bypasses, so there is a good chance that the current Creators Update builds are affected as well.

The Creators Update is projected to ship next month, with RTM expected to be compiled as soon as this week, but Microsoft could still block this bypass with a patch before the public release.

 

Source


XP didn't even have UAC. Back when I used Windows 7 I used to keep it disabled because I had used XP for about 10 years, so I hated UAC. Once I moved to Windows 8.1 a long time ago I found that disabling UAC breaks things, so I stopped doing it. Researchers have been finding exploits to disable it for many years, so this is nothing new. There have also been exploits that could disable antivirus before. But UAC does protect you against exploits that can't disable it, and if you use Windows without UAC you're more vulnerable to even more exploits. Even in Linux and Android there are exploits that can get root on your system, but that doesn't make it wise to run a system as root.

 

UAC has never been perfect; it's just a layer of security that I don't really like using, but if I don't it causes bad side effects, so I got used to it, just like I'm used to entering a password in Linux to get admin privileges. Research about UAC can be a double-edged sword: Microsoft could use it as an excuse to stop people from using legacy apps.

 

Here is a tutorial on how to set UAC in Windows 10 to Always Notify. Microsoft could easily fix this by making it the default setting.

https://www.tenforums.com/tutorials/3577-change-user-account-control-uac-settings-windows-10-a.html

 



There are too many ways to bypass UAC, and I have UAC disabled and have never had any issues. It's an annoyance to me to have UAC enabled, and tolerating an annoyance is only going to be done if I know it is working the way it's supposed to; after reading an article on a UAC bypass a long time ago I decided it's not worth the annoyance.



Holmes said:

There are too many ways to bypass UAC, and I have UAC disabled and have never had any issues. It's an annoyance to me to have UAC enabled, and tolerating an annoyance is only going to be done if I know it is working the way it's supposed to; after reading an article on a UAC bypass a long time ago I decided it's not worth the annoyance.

If you try to run a VM in Windows 8.1 or Windows 10 it changes a setting in the BIOS that can't be fixed unless you reformat, where the VM won't even run, and it breaks some other programs too. I used to keep UAC turned off in Windows 7 without problems. As for the many ways to bypass UAC: yes, there are; in theory anything is possible, but it's hardly ever a reality in a skilled computer user's realm. Also, most known ways have been patched by now.

 

But this still doesn't mean it couldn't happen to you one day; by not using UAC at all you make yourself more vulnerable to catching malware. The reason this guy did the study on UAC was because of all the stuff in the news about the CIA hacking software. It's very easy to mitigate by turning UAC up to the recommended level. What doesn't make sense is why Microsoft doesn't make Windows with UAC set to the recommended level to begin with. It's like they're doing it on purpose or something.



I run Windows using an administrator account, not a standard user account, and UAC is mostly for if you're using a standard user account. It can provide protection as an administrator; I just don't like the annoyance. Do I run a risk? Maybe, and maybe one day I'll try using it and see how it feels; for now I'm fine with it disabled. I just spent two days in a Holiday Inn Express celebrating my and my girlfriend Megan's one-year anniversary, and their computer was using a guest account and it had malware on it. When it comes to zero-days, using a limited user account really doesn't keep you as safe as you think, same with using UAC.
