cybersecurity

4883 readers

3 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Windows User Account Control Bypassed Using Character Editor to Escalate Privileges (cybersecuritynews.com)

submitted 3 weeks ago by cm0002@lemmy.world to c/cybersecurity@infosec.pub

19 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ramble81@lemmy.zip 6 points 3 weeks ago (4 children)

Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.

[–] Nighed@feddit.uk 2 points 3 weeks ago (3 children)

It has some level of additional security I think? some remote access apps have issues with them.

[–] ChaosMonkey@lemmy.dbzer0.com 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Yes, by default windows launches UAC prompts in the supposedly isolated "secure desktop" instead of the classical "interactive user desktop".

[–] clb92 3 points 3 weeks ago

You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.

load more comments (1 replies)