Easy Windows 0 day UAC Bypass!

Hey guys! I am Harish. I used to find vulnerabilities on the Microsoft bug bounty program and Google VRP!

I was watching the OSCP privilege escalation course when I suddenly got an idea to test for an unsecured GUI-based admin prompt vulnerability in Windows Task Manager, and finally, it worked.

Steps to Reproduce

  1. Open Task Manager.
  2. Open files and click on create a new task.
  3. Click on browse in the create a new task prompt.
  4. Open system32/cmd.exe there.
  5. Now you can observe that the opened cmd has admin rights without asking for UAC.
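
For defenders, one way to surface the behaviour in the steps above in process-creation telemetry (an added example, not part of the original article): the script parses Sysmon Event ID 1 style messages and flags a shell created at High integrity with Taskmgr.exe as its parent. The sample events and the shell watch list are constructed assumptions.

```python
import ntpath

# Constructed Sysmon Event ID 1 (process creation) messages; not real telemetry.
SAMPLE_EVENTS = """\
Image: C:\\Windows\\System32\\cmd.exe
CommandLine: "C:\\Windows\\System32\\cmd.exe"
IntegrityLevel: High
ParentImage: C:\\Windows\\System32\\Taskmgr.exe

Image: C:\\Windows\\System32\\cmd.exe
CommandLine: cmd.exe /c dir
IntegrityLevel: Medium
ParentImage: C:\\Windows\\explorer.exe

Image: C:\\Windows\\System32\\notepad.exe
CommandLine: notepad.exe
IntegrityLevel: High
ParentImage: C:\\Windows\\System32\\Taskmgr.exe
"""

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}  # assumed watch list
ELEVATED = {"high", "system"}  # integrity levels treated as elevated

def parse_events(text):
    """Split rendered 'Key: value' event messages (blank-line separated) into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def is_taskmgr_elevated_shell(event):
    """True when an elevated shell was created with Task Manager as its parent."""
    image = ntpath.basename(event.get("Image", "")).lower()
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    level = event.get("IntegrityLevel", "").lower()
    return parent == "taskmgr.exe" and image in SHELLS and level in ELEVATED

def find_hits(text):
    return [e for e in parse_events(text) if is_taskmgr_elevated_shell(e)]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(f"ALERT: {hit['Image']} <- {hit['ParentImage']} ({hit['IntegrityLevel']})")
```
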

POC:

Affected Windows Versions: 7, 8, 8.1, 10, 11

Response from Microsoft:

Thanks for reading my article!

Follow me on Twitter: https://twitter.com/CoderHarish

Harish SG

A Passionate security researcher | Incoming Cybersecurity master’s student