Security Alerts & News
by Tymoteusz A. Góral

#1218 Bypassing UAC on Windows 10 using Disk Cleanup
Matt Graeber (@mattifestation) and I recently dug into Windows 10, and discovered a rather interesting method of bypassing User Account Control (if you aren’t familiar with UAC you can read more about it here). Currently, there are a couple of public UAC bypass techniques, most of which require a privileged file copy using the IFileOperation COM object or WUSA extraction to take advantage of a DLL hijack. You can dig into some of the public bypasses here (by @hfiref0x). The technique covered in this post differs from the other methods and provides a useful alternative as it does not rely on a privileged file copy or any code injection.

A common technique used to investigate loading behavior on Windows is to use SysInternals Process Monitor to analyze how a process behaves when executed. After investigating some default Scheduled Tasks that exist on Windows 10 and their corresponding actions, we found that a scheduled task named “SilentCleanup” is configured on stock Windows 10 installations to be launchable by unprivileged users but to run with elevated/high integrity privileges. To find this, we simply went through each task and inspected its security options to see whether “Run with Highest Privileges” was checked together with a non-elevated user account (such as ‘Users’).