Malware Achieves Privilege Escalation via Windows UAC

Venustus

As good as a defensive mechanism User Account Control (UAC) is for Windows users against actions requiring administrator privileges, users can be tricked to run an app with elevated rights without raising any suspicion.

Researchers at Cylance security company developed proof-of-concept malware that can achieve this via Windows Command Prompt (cmd.exe) and the Registry Editor (regedit.exe), although the list of programs can be extended.

The focus was on these two utilities because of their importance on the system, as they are intended for running advanced administrative functions or for modifying operating system settings.

And
http://blog.cylance.com/trick-me-once-shameonuac
 
ShameOnUAC injects itself into the unprivileged Explorer process, where it hooks SHELL32!AicLaunchAdminProcess and waits for the user to ask to run a program as administrator. It then tampers with the elevation requests before they're sent to the AppInfo service.

As always, all malware works with unaware and Happy Clickers; if not, they all failed to bypass UAC.
The higher lesson:
In order to successfully combat malware with UAC we must transform ourselves into more 'Carefully Aware' and less 'Happily Careless' clickers!

..just say 'no' to Happy unaware malware-succumbing clicking!
 
Typical users wanted a clear label to show whether this file is a virus or not. UAC, by its simple concept, asks for a higher privilege level, so it needs a trained eye or supervision to understand it; it's not the fault of UAC where it fails, but the user willingly accepting the risk.

Exactly, the main point is that UAC is NOT an AV; it is just a Windows feature that blocks the automatic launching of executables, nothing more.