
Latest Windows UAC Bypass Permits Code Execution



#1 JohnC_21


Posted 16 August 2016 - 09:54 AM

Less than a month after disclosing a Windows User Account Control bypass, researcher Matt Nelson today published another attack that circumvents the security feature and leaves no traces on the hard disk.

This time, the bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely.

Nelson said he figured out a way to use eventvwr to hijack a registry process, start powershell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC.

Article


 


