A sophisticated new technique that exploits the Windows Private Character Editor to bypass User Account Control (UAC) and achieve privilege escalation without user intervention, raising significant concerns for system administrators worldwide.
Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.
You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.
Lol I never knew Microsoft considers uac a convince feature not a security boundary
Eh, I kinda see that point. I never considered it a boundary anyway since it didn’t require any additional authentication or authorization. It always felt more like a “here be dragons” warning for people who may not know what their doing, but if you think about it your user context never changes.
It has some level of additional security I think? some remote access apps have issues with them.
Yes, by default windows launches UAC prompts in the supposedly isolated “secure desktop” instead of the classical “interactive user desktop”.
You can also up your UAC security level, so it requires your password, like most Linux distros do. This can (disregarding bypasses like this one) thwart keystroke injection attacks like that from a USB Rubber Ducky.
deleted by creator
Then you never thought about it - at least not in relation to who was responsible for it. I mean… because who would think that but Microsoft?