Researcher Bypasses Windows UAC by Spoofing Trusted Directory

[silversurfer]

A security researcher from Tenable, Inc. recently discovered that it is possible to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory.  

Tenable’s David Wells recently discovered a new technique that leverages this functionality to ensure that no UAC prompt is displayed when a rogue executable runs. 

Executables that can auto-elevate need to be already configured for auto-elevation (in which case an “autoElevate” key exists for that file), to be properly signed, and to run from a Trusted Directory, such as “C:\Windows\System32,” the security researcher explains. 

Source: https://www.securityweek.com/researcher-...-directory