this post was submitted on 09 Aug 2025
96 points (98.0% liked)

cybersecurity

[–] frongt@lemmy.zip 59 points 3 weeks ago (2 children)

Lol "carefully crafted sequence". This is just like back in early versions of Windows where the login screen let you open a help menu, which let you open a file picker, which let you open any file.

Windows is a pile of shit stacked way too high.

[–] Brkdncr@lemmy.world 10 points 3 weeks ago (2 children)

Brah, other OSes are full of holes too.

[–] aeternum@lemmy.blahaj.zone 4 points 3 weeks ago (1 children)

tbh, there's no decent OS. They all have issues.

[–] devfuuu@lemmy.world 4 points 3 weeks ago

Clearly haven't used TempleOS. It was literally given to us by god. It's perfect.

[–] wischi@programming.dev 3 points 3 weeks ago (1 children)
[–] sunzu2@thebrainbin.org 1 points 3 weeks ago

No it provides context that everything is like Swiss cheese

Microshit is just extra holey

[–] Alph4d0g@discuss.tchncs.de 4 points 3 weeks ago

That sounds dangerous. I’ll keep my distance lest that pile topples.

[–] PleaseLetMeOut@lemmy.dbzer0.com 10 points 3 weeks ago (2 children)

TIL that ResHacking a manifest is "sophisticated" lol

[–] ChaosMonkey@lemmy.dbzer0.com 6 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It is not necessary for the attack and was used to illustrate the vulnerable app manifest configuration.

[–] PleaseLetMeOut@lemmy.dbzer0.com 2 points 3 weeks ago (1 children)

Oh, I assumed they edited the manifest to enable the flags. Nvm then.

[–] shalafi@lemmy.world 2 points 3 weeks ago

I thought so as well.

[–] 9point6@lemmy.world 4 points 3 weeks ago

They don't edit the manifest at all?

[–] mvirts@lemmy.world 4 points 3 weeks ago (2 children)

Lol I never knew Microsoft considers UAC a convenience feature, not a security boundary

[–] ramble81@lemmy.zip 6 points 3 weeks ago (1 children)

Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what they're doing, but if you think about it your user context never changes.

[–] Nighed@feddit.uk 2 points 3 weeks ago (2 children)

It has some level of additional security I think? Some remote access apps have issues with them.

[–] ChaosMonkey@lemmy.dbzer0.com 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Yes, by default Windows launches UAC prompts in the supposedly isolated "secure desktop" instead of the classical "interactive user desktop".

[–] clb92 3 points 3 weeks ago

You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.
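An added example, not part of any comment in this thread: a read-only PowerShell check of the two settings mentioned above (secure desktop and password-on-elevation). The registry key and value names are the standard Windows UAC policy values and are not named in the thread; `Get-UacPosture` is a hypothetical helper name, and the sample policy at the end is constructed.

```powershell
# Added example: read-only audit of UAC policy values. Nothing is modified.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Meaning of ConsentPromptBehaviorAdmin (prompt level for administrators).
$AdminModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

function Get-UacPosture {
    param([hashtable]$Policy)   # optional: pass constructed values to check offline

    if ($null -eq $Policy) {
        $p = Get-ItemProperty -Path $UacKey
        $Policy = @{
            EnableLUA                  = $p.EnableLUA
            ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
            PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        }
    }
    $mode = $Policy.ConsentPromptBehaviorAdmin
    $modeText = if ($null -eq $mode) { 'not set' } else { $AdminModes[[int]$mode] }
    # Modes 1 and 2 use the secure desktop themselves; the others rely on
    # PromptOnSecureDesktop being 1.
    $secure = ($mode -in 1, 2) -or ($Policy.PromptOnSecureDesktop -eq 1)

    $findings = @()
    if ($Policy.EnableLUA -ne 1) { $findings += 'EnableLUA is not set to 1' }
    if ($mode -notin 1, 3)       { $findings += 'Admin elevation does not require a password' }
    if (-not $secure)            { $findings += 'Prompts shown on the interactive user desktop' }

    [pscustomobject]@{
        AdminPrompt   = $modeText
        SecureDesktop = $secure
        Findings      = $findings
    }
}

# Constructed sample: consent-only prompt on the secure desktop.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
Get-UacPosture -Policy $sample | Format-List
# Live check on a Windows host: Get-UacPosture | Format-List
```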

[–] SanctimoniousApe@lemmings.world 4 points 3 weeks ago

Then you never thought about it - at least not in relation to who was responsible for it. I mean... because who would think that but Microsoft?

[–] pyre@lemmy.world 1 points 3 weeks ago

Jesus Christ. That's like the lock to your front door asking potential intruders to say "I'd like to enter please" to automatically unlock itself.