Windows 10: UAC Security Issue - Enables Windows Backup To Load Malicious Content

For what it's worth. I don't know if this has been fixed or not, thus I am posting it just in case. If it has been corrected, then disregard or delete this. I have not seen any reference to this on the forum here. Tnx Matt.


While the User Access Control for Windows 10 is designed with security in mind, a new UAC bypass technique discovered by security researcher Matt Nelson renders the security measure useless. The hack relies on modifying the Windows registry app paths and manipulating the Backup and Restore utility to load malicious code into the system.

How it works

The bypass strategy takes advantage of Microsoft’s auto-elevation status that is assigned to trusted binaries, which are created and digitally signed by the software giant. That means the trusted binaries don’t display a UAC window when launched despite the security level. Nelson further explained in his blog:

The sdclt.exe binary is the built-in Backup and Restore utility that Microsoft introduced with Windows 7. Nelson explained that the sdclt.exe file uses the Control Panel binary (control.exe) to load the Backup and Restore settings page when a user opens the utility, however, sdclt.exe sends a query to the local Windows Registry to obtain the control.exe’s app path before it loads control.exe. The researcher acknowledges the fact that this poses a problem as users with low privilege level can still modify registry keys. More to the point, attackers can alter this registry key and point it to malware. Windows would then trust the app and withdraw UAC prompts since sdclt.exe is auto-elevated.

It is worth pointing out that the bypass technique applies only to Windows 10. Nelson even tested the hack on Windows 10 build 15031. To address the security flaw, the researcher recommends that users set the UAC level to “Always Notify” or remove the current user from the Local Administrators group.


Tim
ARS




:)

 

Windows 10 Edge opens, closes,

Hello,

Please re-enable UAC, to make sure your system remains safe and secure and to suppress this issue.

Regards.

 

I am not able to open UAC Settings from built in administration account

I got a new machine which has windows 10 on it. When i try to open UAC Settings from my default built-in account it doesn't opens up. When i tried to enable UAC from Registry at this path HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
it says "Cannot edit: Error Writing the value's new contents".

Also, When i try to open local security policies, i get an error "You are not permission to perform this operation. Access is denied".