User Account Control (UAC)
User Account Control (UAC) is the Windows equivalent of sudo on Linux. It is shown when administrative privileges are required, for instance to install applications.
- ➡️ Bypass technique using eventvwr (2016?): Bypass User Account Control (UAC) using eventvwr.exe. The attack is done by editing the registry, which means you must have sufficient privileges to do so (not necessarily an admin, but not a regular user).
- ➡️ CVE-2019-1388: a flaw in UAC allows users to open a browser as Administrator, which can be further exploited to start a shell as Administrator.
- ➡️ AlwaysInstallElevated: it's unlikely, but if an admin allowed programs to be installed without needing Administrator privileges, then you can install a malicious program. The policy is read from both the per-user and the machine-wide Installer keys:

```powershell
PS> reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer
PS> reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer
PS> msiexec /quiet /qn /i $Env:TMP\malicious.msi
```
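The two `reg query` commands above only dump the keys; the audit script below (an added example, not part of the original notes) reads `AlwaysInstallElevated` from both locations, reports whether the policy is actually in effect (it only applies when BOTH values are 1), and offers a remediation function that resets them. The function names `Test-AlwaysInstallElevated` and `Disable-AlwaysInstallElevated` are my own.

```powershell
# Audit helper (added example): is the AlwaysInstallElevated policy active?
# Windows Installer honours the policy only when the DWORD value is 1 under
# BOTH the HKCU and the HKLM Installer policy keys.
$script:InstallerPolicyKeys = @(
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
)

function Test-AlwaysInstallElevated {
    $results = foreach ($key in $script:InstallerPolicyKeys) {
        $value = $null
        if (Test-Path $key) {
            # Missing value -> $null, which is treated as "not set".
            $value = (Get-ItemProperty -Path $key -Name AlwaysInstallElevated `
                        -ErrorAction SilentlyContinue).AlwaysInstallElevated
        }
        [pscustomobject]@{ Key = $key; AlwaysInstallElevated = $value }
    }
    $results | Format-Table -AutoSize | Out-String | Write-Host

    # Both keys must be 1 for MSI packages to run with elevated privileges.
    $enabled = @($results | Where-Object { $_.AlwaysInstallElevated -eq 1 }).Count -eq 2
    if ($enabled) {
        Write-Warning 'AlwaysInstallElevated is ENABLED: any user can install an MSI with elevated (SYSTEM) privileges.'
    } else {
        Write-Host 'AlwaysInstallElevated is not in effect.'
    }
    return $enabled
}

function Disable-AlwaysInstallElevated {
    # Remediation: explicitly set both values to 0 (run from an elevated shell).
    foreach ($key in $script:InstallerPolicyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name AlwaysInstallElevated -Value 0 -Type DWord
    }
}

# Usage: report the current state; call Disable-AlwaysInstallElevated to fix it.
Test-AlwaysInstallElevated
```

If the keys are managed by Group Policy, change the setting there instead (Computer/User Configuration > Administrative Templates > Windows Components > Windows Installer > Always install with elevated privileges), or the next policy refresh will overwrite the registry fix.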