Tuesday, 26 May 2015

Researcher Bypasses Windows UAC New Trick

Windows User Account Control (UAC) is a security measure in accordance with Microsoft to protect computers from "hackers and malicious software," but through a new trick to get around, as demonstrated by security researcher Cylance.

As software or a user wants to change some Windows settings or try to perform actions that require administrative privileges displays a UAC warning. Only when the user gives permission, the action will also be performed. In case the user does not have administrator rights, he must first enter the administrator password before the action is performed.


Researcher Derek Soeder developed malware to attack it in Windows Explorer. The malware, Soeder "ShameOnUAC", and injects itself into the Explorer process which does not have administrator rights. Then watch this process until the user wants to start a program as an administrator. The application of this program to the administrator rights is manipulated by malware and provide any additional commands. For example, commands can through the command prompt in Windows are executed or made ​​changes to the Windows Registry.

Soeder explains that in case the user starts cmd.exe and then accept the UAC warning ShameOnUAC can first run a command with administrator rights before the user gets to see the command prompt. The attack is easy to prevent, users must namely "Show details" click in the UAC warning. The added jobs are namely displayed. However, it is up to the user to do so every time.

"It is important to note that UAC works just referred to. ShameOnUAC is eerie to see in action, because it shows that every user already malware inadvertently elevated privileges have been able to give that was the end of practice, the information by any time ignoring that they could observe it, "says the researcher. In the event malware administrative rights on a computer can get because attackers can take complete control over the system. Soeder himself says that he is always present after his research examines the details of a UAC warning.

No comments:

Post a Comment