header-logo
Suggest Exploit
vendor:
Windows 10
by:
Heynowyouseeme
8.8
CVSS
HIGH
Local Privilege Escalation (LPE)
264
CWE
Product Name: Windows 10
Affected Version From: Windows 10
Affected Version To: Windows 10
Patch Exists: No
Related CWE: N/A
CPE: o:microsoft:windows_10
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2019

Windows 10 UAC bypass for all executable files which are autoelevate true

This exploit allows an attacker to bypass the User Account Control (UAC) on Windows 10 systems. It works by exploiting the fact that all executable files which are autoelevate true can be used to bypass UAC. The exploit is based on the fact that the Windows 10 UAC whitelist contains a list of known executable files which are allowed to run with elevated privileges. The exploit works by creating a malicious executable file which is added to the whitelist and then executed with elevated privileges.

Mitigation:

The best way to mitigate this vulnerability is to disable UAC or to configure it to the highest security level. Additionally, it is recommended to use application whitelisting to prevent malicious executables from running.
Source

Exploit-DB raw data:

Windows 10 UAC bypass for all executable files which are autoelevate true. 
https://heynowyouseeme.blogspot.com/2019/08/windows-10-lpe-uac-bypass-in-windows.html

Download ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47753.zip

Navigation

Suggest Exploit

Services By CQR