Novel Exploit Chain Enables Windows UAC Bypass


Researchers have identified CVE-2024-6769, a medium-severity UAC bypass/privilege escalation vulnerability in Windows, allowing authenticated attackers to gain full system privileges. Exploiting the flaw involves remapping the system's root drive and tricking processes like ctfmon.exe into loading malicious code, granting high integrity access. Microsoft, however, does not classify it as a vulnerability, stating it falls within acceptable "non-robust" security boundaries, as admin-level users are trusted by design. Fortra, which flagged the issue, disagrees, arguing that bypassing UAC undermines the intended security and elevates risk for businesses.

Read More


thumb-image

Solutions