High-Severity Windows UAC Flaw Enables Privilege Escalation

guest · Nov 21, 2019

High-Severity Windows UAC Flaw Enables Privilege Escalation
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers
November 20, 2019
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/

Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data.

“This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows,” researchers with Zero Day Initiative (ZDI) said in a Tuesday detailed analysis of the vulnerability. “An attacker must first obtain the ability to access an interactive desktop as a low-privileged user on the target system in order to exploit this vulnerability.”
Specifically, the flaw exists because the UAC Windows Certificate Dialog, which details certificate information as well as a Microsoft-specific object identifier (OID), does not properly enforce user privileges

The flaw was discovered by Eduardo Braun Prado working with Trend Micro’s Zero Day Initiative. A full list of affected Windows version is here.
Click to expand...

Zero Day Initiative: Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege

Log in or Sign up

High-Severity Windows UAC Flaw Enables Privilege Escalation

guest Guest

Log in or Sign up

High-Severity Windows UAC Flaw Enables Privilege Escalation

guest Guest

Useful Searches