An Analysis About the Defects of Windows UAC Mechanism

  • Zejin Zhu
  • Guojun Peng (corresponding author)
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 960)

Abstract

To understand Windows security in depth and explore the flaws of the Windows User Account Control (UAC) mechanism, this paper first introduces the origin of UAC and then analyzes its implementation principles. Current UAC bypass methods are then classified, and each type of bypass method is elaborated on. Based on this understanding of the existing bypass methods, the defects of the current UAC mechanism are discussed in depth, and an improvement scheme for the UAC mechanism is proposed.

Keywords

Windows; User Account Control; Vulnerabilities; Privilege

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan, China
  2. School of Cyber Science and Engineering, Wuhan University, Wuhan, China