A UAC Bypass Technique on Windows 10 Threatens Attack on the System


Security researchers have devised a new method of stealthily bypassing the UAC (User Account Control) feature, which works only on Windows 10 and leaves the system open to malicious attacks. The researchers show that security solutions do not detect the method.

While other UAC bypass tactics trigger security alerts, the new method does not, because it requires neither code injection nor the copying of a privileged file, explain Matt Nelson and Matt Graeber, who developed the bypass. They have documented their discovery step by step on a website called enigma0x3.

Nelson and Graeber show that, when the bypass is performed on Windows 10, the Disk Cleanup application is executed and copies a set of files into a folder under the user's Temp directory, namely C:\Users\<username>\AppData\Local\Temp.

The copied files are an executable, DismHost.exe, together with numerous DLL files. Disk Cleanup then runs DismHost.exe, which in turn loads the DLLs one by one, the last of them being LogProvider.dll. The time this loading sequence takes is what makes the attack possible.

To exploit this, the researchers developed malware that watches the host computer for the creation of these temporary files; as soon as they appear, it quickly replaces LogProvider.dll with a DLL of its own, which then carries out the attack. Softpedia.com reported this on July 25, 2016.

The researchers examined the default scheduled tasks on Windows 10. The investigation revealed one such task, called 'Silent Cleanup', that an unprivileged user could launch, even though running the task requires the highest user privileges.

They reported the finding to the Microsoft Security Response Center on July 20, 2016. Microsoft responded that UAC is not a fully fledged security mechanism and that the issue reported was therefore not a security flaw.

Because the UAC bypass can be executed without the process injection that security programs look for, the attack flies under the radar.
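Since the bypass leaves no injection to detect, a defender has to look instead at the file activity described above: a DLL in the user's Temp directory being rewritten by something other than Disk Cleanup shortly before DismHost.exe loads it. The following detection logic is an added example, not code from the article or from the researchers; it runs over a few constructed, simplified Sysmon-style FileCreate (ID 11) and ImageLoad (ID 7) records, which is an assumption about the telemetry available, and flags a Temp-directory DLL loaded into DismHost.exe when its last writer was unexpected or it is not Microsoft-signed.

```python
import re

# Matches a path inside the per-user Temp directory the article describes.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Processes that legitimately stage the Disk Cleanup payload into %TEMP%.
EXPECTED_WRITERS = {"cleanmgr.exe", "dismhost.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def detect_temp_dll_hijack(events):
    """Return one alert string per DLL that DismHost.exe loaded from the
    user's Temp directory after an unexpected process last wrote it, or
    that carries no Microsoft signature. Events are processed in order."""
    last_writer = {}   # lower-cased DLL path -> image that last wrote it
    alerts = []
    for ev in events:
        if (ev["id"] == 11 and TEMP_RE.search(ev["target"])
                and ev["target"].lower().endswith(".dll")):
            last_writer[ev["target"].lower()] = ev["image"]
        elif (ev["id"] == 7 and basename(ev["image"]) == "dismhost.exe"
                and TEMP_RE.search(ev["loaded"])):
            reasons = []
            writer = last_writer.get(ev["loaded"].lower())
            if writer is not None and basename(writer) not in EXPECTED_WRITERS:
                reasons.append(f"last written by {writer}")
            if (ev.get("signed", "false").lower() != "true"
                    or "microsoft" not in ev.get("signature", "").lower()):
                reasons.append("not Microsoft-signed")
            if reasons:
                alerts.append(f"{ev['loaded']} loaded into {ev['image']}: "
                              + "; ".join(reasons))
    return alerts

# Constructed sample records (assumption: fields mirror Sysmon's Image,
# TargetFilename, ImageLoaded, Signed and Signature); not real telemetry.
TEMP = r"C:\Users\alice\AppData\Local\Temp\{6a3e0d1f-constructed-guid}"
EVENTS = [
    # Normal run: cleanmgr.exe stages the DLL, DismHost.exe loads the signed copy.
    {"id": 11, "image": r"C:\Windows\System32\cleanmgr.exe",
     "target": TEMP + r"\LogProvider.dll"},
    {"id": 7, "image": TEMP + r"\DismHost.exe", "loaded": TEMP + r"\LogProvider.dll",
     "signed": "true", "signature": "Microsoft Windows"},
    # Hijack: a user-land watcher overwrites the DLL before DismHost.exe loads it.
    {"id": 11, "image": r"C:\Users\alice\Downloads\watcher.exe",
     "target": TEMP + r"\LogProvider.dll"},
    {"id": 7, "image": TEMP + r"\DismHost.exe", "loaded": TEMP + r"\LogProvider.dll",
     "signed": "false", "signature": ""},
]

if __name__ == "__main__":
    for alert in detect_temp_dll_hijack(EVENTS):
        print(alert)
```

Only the second load is reported; the benign first run, where cleanmgr.exe wrote the DLL and the loaded copy is Microsoft-signed, produces no alert.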

» SPAMfighter News - 7/29/2016
