Less than a month after disclosing a Windows User Account Control bypass, researcher Matt Nelson today published another attack
that circumvents the security feature and leaves no traces on the hard disk.
This time, the bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely.
Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows
machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7
and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC.