- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
You must log in or # to comment.
Saved you a click: Exploit requires attacker to already have an account in the local administrators group, and appears to only allow local admin privileges anyway.
You can remap the C:\ drive (including the OS files in system and windows folders) to a location you already control, with exploited system files and dlls, rather than having to go through UAC and confirm you want to use admin privileges to replace them in-situ.
Microsoft doesn’t consider this an actual vuln because local admins are already defacto trusted and able to use their admin status to do all this anyway. They could just disable UAC locally anyway.