Malware authors have a new UAC bypass technique at their disposal that they can use to install malicious apps on devices running Windows 10.
Responsible for discovering this new UAC bypass method is a German student that goes online by the name of Christian B., currently working on his master's thesis, centered on UAC bypass techniques.
The technique he came up with is a variation on another Windows 10 UAC bypass method discovered by security researcher Matt Nelson in August 2016.
While Nelson's method used the built-in Event Viewer utility (eventvwr.exe), Christian's UAC bypass uses the fodhelper.exe file, located at:
C:\Windows\System32\fodhelper.exe
If this file name isn't familiar to you, this is the window that appears when you press the "Manage optional features" option in the "Apps & features" Windows Settings screen.
Both techniques work in the same way and take advantage of what's called "auto-elevation," which is a state that Microsoft assigns to trusted binaries (files signed with Microsoft certificate, and located in trusted locations such as "C:\Windows\System32").
Just like eventvwr.exe, fodhelper.exe is also a trusted binary, meaning Windows 10 won't show a UAC window when launched into execution, or when other processes spawn from the fodhelper.exe parent process.
The technique employs changing the value of a registry key to contain the command to be executed. Since fodhelper.exe is trusted, the command is executed without the UAC prompt. The article continues with how to avoid the exploit. First off, do NOT run as an Administrator by default. Second, set the UAC level to "Always notify."
(Score: 0) by Anonymous Coward on Friday May 26 2017, @06:14AM (1 child)
Everybody has a degree today, so degrees are worthless because they represent nothing.
(Score: 4, Interesting) by canopic jug on Friday May 26 2017, @09:36AM
They are also worth nothing because they contain nothing. That situation now extends especially to Computer Science degrees.
As degree programmes fall to M$, they start churning out fools that know nothing except how to resell M$ products. This has been going on long enough that they are feeding back into the system and replacing faculty members, creating a downward spiral. Each year that goes by, there are fewer people left than know about computers and fewer that can do anything advanced. In a generation or two, real generations not academic generations, we'll be in a situation were we have mostly information communication technologies that completely fail to perform. Of those few that still work, no one will know how to maintain them let alone how to change or improve them.
Money is not free speech. Elections should not be auctions.