User Account Control (UAC)

User Account Control (UAC) is the Windows counterpart of sudo on Linux: a consent prompt that appears whenever an action requires administrative privileges, for instance installing an application.

  • ➡️ Bypass technique using eventvwr (2016?)

blaster

Bypass User Account Control (UAC) using eventvwr.exe. The attack works by editing the registry, so you must already have sufficient privileges to do so (not necessarily an admin, but not a regular user either).

blaster

A flaw in UAC lets a user open a browser as Administrator, which can be exploited further to start a shell as Administrator.

  • ➡️ AlwaysInstallElevated: it's unlikely, but if an admin has configured Windows Installer to install packages with elevated privileges (so that no Administrator rights are needed), then any user can install a malicious MSI package and it runs elevated.

windowsprivesc20

# The policy is only effective when AlwaysInstallElevated is set to 1 in BOTH hives
PS> reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
PS> reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
# If both return 0x1, an MSI package is installed with elevated privileges without a UAC prompt
PS> msiexec /quiet /qn /i $Env:TMP\malicious.msi
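The following audit script is an added example, not part of the original notes or of any TryHackMe room: it checks both hives for the AlwaysInstallElevated value, reports whether the misconfiguration is actually exploitable (both must be 1), and lists recent Windows Installer completions from the Application log so a defender can see what was installed. The event ID filter (MsiInstaller 1033, "installation completed") and the remediation command are assumptions based on standard Windows behaviour.

```powershell
# Added example: audit a host for the AlwaysInstallElevated misconfiguration.
# Windows only honours the policy when the value is 1 under BOTH HKLM and HKCU,
# so each hive is reported separately together with a combined verdict.
$paths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
)

function Get-AlwaysInstallElevatedState {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Get-ItemPropertyValue throws if the key or the value does not exist
        return [int](Get-ItemPropertyValue -Path $Path -Name 'AlwaysInstallElevated' -ErrorAction Stop)
    } catch {
        return 0   # absent value = policy not configured in this hive
    }
}

$results = foreach ($p in $paths) {
    [pscustomobject]@{
        Hive  = $p.Split(':')[0]
        Value = Get-AlwaysInstallElevatedState -Path $p
    }
}
$results | Format-Table -AutoSize

# Exploitable only if every hive has the value set to 1
$exposed = ($results | Where-Object { $_.Value -eq 1 }).Count -eq $paths.Count
if ($exposed) {
    Write-Warning 'AlwaysInstallElevated is enabled in HKLM and HKCU: any user can run an MSI with elevated privileges.'
    # Remediation (requires admin rights), assumed here: disable the policy in both hives,
    # or clear "Always install with elevated privileges" in Group Policy
    # (Computer/User Configuration > Administrative Templates > Windows Components > Windows Installer).
    # Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer -Name AlwaysInstallElevated -Value 0
    # Set-ItemProperty -Path HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer -Name AlwaysInstallElevated -Value 0
} else {
    Write-Output 'AlwaysInstallElevated is not fully enabled; MSI installs are not elevated by this policy.'
}

# Recent MSI installations completed on this host (MsiInstaller event 1033 is assumed
# to be the "installation completed" record); useful to review what was installed
# while the policy was active.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 1033 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'User'; e = { $_.UserId } }, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } |
    Format-Table -AutoSize -Wrap
```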