SoylentNews

butthurt [soylentnews.org] writes:

[...] a variation on another Windows 10 UAC bypass method discovered by security researcher Matt Nelson in August 2016 [enigma0x3.net].

While Nelson's method used the built-in Event Viewer utility (eventvwr.exe), Christian's UAC bypass uses the fodhelper.exe file, located at:

C:\Windows\System32\fodhelper.exe

If this file name isn't familiar to you, this is the window that appears when you press the "Manage optional features" option in the "Apps & features" Windows Settings screen.

—Bleeping Computer [bleepingcomputer.com]

Original Submission