Old Windows quirks help punch through new admin defenses

Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.

James Forshaw, security researcher at Google's Project Zero, reported nine vulnerabilities in December that could allow attackers to silently grant themselves admin privileges on machines with the new Windows feature enabled.

Most of these related to previously known User Account Control (UAC) issues, Forshaw said, but, if exploited, could have subverted the whole point of Windows Administrator Protection.

Microsoft has not yet opened up the feature for generally available builds – only Insider Canary users can tinker with it for now – but the idea behind it is to ensure that users only operate using the least privileges necessary.

A user can grant themselves admin privileges on the fly, but these are only granted in pre-approved circumstances and are revoked automatically as each process ends.

Forshaw said the most ...