Hey guys! I am harish, I used to find vulnerabilities on the Microsoft bug bounty program and Google VRP!
I was watching the OSCP privilege escalation course, Then I suddenly got an idea to test unsecured GUI based admin prompt vulnerability on Windows Task Manager and Finally, it worked
Steps to Reproduce
- open task manager
- open files and click on create a new task
- click on browse in the create a new task prompt
- open system32/cmd.exe there
- Now, you can observe that opened cmd has admin rights without asking UAC
POC:
Affected Windows Versions: 7, 8, 8.1, 10, 11
Response from Microsoft:
Thanks for Reading my article!
Follow me on Twitter: https://twitter.com/CoderHarish