Security researchers Matt Graeber and Matt Nelson discovered the flaw and outlined it on the Enigma0x3 website, detailing how Windows 10's built-in SilentCleanup process can be leveraged to allow malware to bypass UAC. Many users know UAC as the screen that asks you to allow or stop software from installing and modifying the computer. The new vulnerability allows malware to run with elevated privileges, even when introduced by low-level unprivileged users.

We typically recommend that most computer users don't use their system's administrator account for daily activity, as it leaves their system open to all sorts of attacks. But since these two utilities run with the highest level of privilege, they make all users vulnerable.

The vulnerability arises from SilentCleanup working with the system-optimizing utility Disk Cleanup, which creates a temporary folder filled with .DLL (Dynamic Link Library) files that it then loads. DLLs are code libraries that can't be run on their own. Since Windows gives users write-level access to this temporary directory, the researchers discovered that any other .DLL could be dropped into this folder and then run with the highest privileges. So, if a user falls prey to a DLL redirect, wherein an application attempts to access a DLL on the Windows system but a bad actor has swapped in a malicious DLL, the wrong code could be loaded from Disk Cleanup's temporary folder. And since SilentCleanup and Disk Cleanup run with the highest privileges, the malware is given complete access to edit your system and wreak havoc.

Nelson and Graeber claim to have reported the flaw to Microsoft's Security Response Center on July 20, but say the company responded that it wasn't a security issue. According to Nelson, the company noted that UAC isn't a security boundary, so Microsoft doesn't classify this as a security problem.
At the same time, this bypass gives attackers a new way to hit users, because it doesn't rely on a process-injection method that would normally get flagged by security software. While Nelson and Graeber provide complicated steps for how to disable the software, doing so tampers with the default settings meant to keep Windows running smoothly. Instead, the researchers argue, Microsoft should lower the privileges given to the Disk Cleanup and SilentCleanup processes.
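The two conditions the article describes are auditable from an ordinary PowerShell session: the SilentCleanup scheduled task's run level, and whether the current user's temp directory is writable by that user. The script below is an added example for administrators, not code from the researchers or from Microsoft; it assumes the task lives at the standard path \Microsoft\Windows\DiskCleanup\ and that the temp directory in question is the one in $env:TEMP.

```powershell
# Added example: audit the conditions behind the SilentCleanup UAC bypass.
# Assumes the default task path; adjust if your build differs.
$taskPath = '\Microsoft\Windows\DiskCleanup\'
$task = Get-ScheduledTask -TaskPath $taskPath -TaskName 'SilentCleanup' -ErrorAction Stop

# Report how the task is configured. RunLevel 'Highest' means the action
# runs with the full administrator token, which is what makes the
# writable-temp-directory problem matter.
[pscustomobject]@{
    Task     = $task.TaskName
    State    = $task.State
    RunLevel = $task.Principal.RunLevel
    UserId   = $task.Principal.UserId
    Action   = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
} | Format-List

# Show which identities can write to the user's temp directory, since the
# article's point is that this directory is writable by the unprivileged user.
$writeRights = 'Write|Modify|FullControl|CreateFiles'
Get-Acl -Path $env:TEMP |
    Select-Object -ExpandProperty Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and "$($_.FileSystemRights)" -match $writeRights } |
    Select-Object IdentityReference, FileSystemRights |
    Format-Table -AutoSize
```

If the first part reports RunLevel as Highest and the second part lists the current user (or a broad group such as Users or Authenticated Users) with write rights, the machine has both ingredients the article describes. For ongoing monitoring, the same facts can be checked from an endpoint-detection tool by watching for image loads by cleanmgr.exe that come from a user-writable temp directory.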