Reality update – Tavis Ormandy on Twitter:
“I’m publishing some research today, a major design flaw in Windows that’s existed for almost *two decades*. I wrote a blog post on the story of the discovery all the way through to exploitation. https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html”
His blog post is here and very well worth a read, although it’s long and horrifying: Project Zero: Down the Rabbit-Hole…:
“The obvious attack is an unprivileged user injecting commands into an Administrator’s console session, or reading passwords as users log in. Even sandboxed AppContainer processes can perform the same attack. Another interesting attack is taking control of the UAC consent dialog, which runs as NT AUTHORITY\SYSTEM. An unprivileged standard user can cause consent.exe to spawn using the “runas” verb with ShellExecute(), then simply become SYSTEM.”