USER ACCOUNT Control (UAC), the thing in Microsoft Windows that creates extra menus you wish would just sod off, can be bypassed, allowing hackers to gain registry access.
Security researcher Matt Nelson has discovered that the flaw allows someone to start PowerShell, access the registry and then leave no trace.
The workaround/feature/bug/massive security hole works on any version of Windows with UAC, which was introduced in Windows Vista and later softened in Windows 7 as it proved such a spectacular pain in the Vista.
The technique uses no files, no injections and leaves no trace. It's just pure direct access via a vulnerability. You could go off and do it to someone now.
Don't do that, though.
Nelson explained: "I was able to hijack [a] process being started. It is possible to simply execute whatever malicious PowerShell script/command you wish. This means that code execution has been achieved in a high integrity process (bypassing UAC) without dropping a DLL or other file down to the file system.
"This significantly reduces the risk to the attacker because they aren’t placing a traditional file on the file system that can be caught by AV/HIPS or forensically identified later."
There are workarounds, of course. Individual users can set the UAC setting to Always Notify instead of the current slightly fluffier default introduced in Windows 7.
Sysadmins can remove the current user from the Local Administrators Group, while monitoring for the attack involves setting up alerts for new registry entries under HKCU\Software\Classes.
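The two mitigations and the monitoring point above, as a PowerShell audit; this is an added example, not code from Nelson or Microsoft. The baseline file path and the function name are assumptions chosen for illustration.

```powershell
# Added example: audits the mitigations and the monitoring point named in the article.
# $BaselinePath and Get-ClassesSnapshot are illustrative names, not from the article.
$BaselinePath = Join-Path $env:LOCALAPPDATA 'hkcu-classes-baseline.txt'

# 1. UAC level: "Always Notify" is ConsentPromptBehaviorAdmin = 2 with
#    PromptOnSecureDesktop = 1; the default since Windows 7 is 5.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$alwaysNotify = ($policy.ConsentPromptBehaviorAdmin -eq 2) -and
                ($policy.PromptOnSecureDesktop -eq 1)

# 2. Local Administrators membership (well-known SID S-1-5-32-544). whoami lists
#    the group even when UAC has filtered it to deny-only in the current token.
$isLocalAdmin = [bool](whoami /groups /fo csv | Select-String -SimpleMatch 'S-1-5-32-544')

# 3. Snapshot every key under HKCU\Software\Classes with its default value.
function Get-ClassesSnapshot {
    Get-ChildItem 'HKCU:\Software\Classes' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { '{0} = {1}' -f $_.Name, $_.GetValue('') }
}

$current = @(Get-ClassesSnapshot)
$newEntries = @()
if (Test-Path $BaselinePath) {
    # Compare against the stored baseline; a changed default value also shows as new.
    $known = New-Object 'System.Collections.Generic.HashSet[string]'
    Get-Content $BaselinePath | ForEach-Object { [void]$known.Add($_) }
    $newEntries = @($current | Where-Object { -not $known.Contains($_) })
} else {
    # First run: record the baseline; later runs report anything not in it.
    $current | Set-Content -Path $BaselinePath -Encoding UTF8
}

[pscustomobject]@{
    UacAlwaysNotify   = $alwaysNotify
    UserIsLocalAdmin  = $isLocalAdmin
    NewClassesEntries = $newEntries.Count
}
if (-not $alwaysNotify) { Write-Warning 'UAC is not set to Always Notify.' }
if ($isLocalAdmin)      { Write-Warning 'Current user is a member of local Administrators.' }
$newEntries | ForEach-Object { Write-Warning "New entry since baseline: $_" }
```

A scheduled run of this gives periodic detection only; for real-time alerts, registry auditing or Sysmon registry events cover the same location, where HKCU\Software\Classes appears as HKU\<SID>_Classes.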
Nelson demonstrated a similar way of avoiding UAC last month, that time using Windows 10 Disk Cleanup. This new flaw is far more insidious, however.
We've asked Microsoft for advice and to confirm how quickly it will be able to issue a patch. We'll get back to you if the firm replies.
It's not Heartbleed, but it's going to need something doing, although at present there's no definite evidence of its being used in the wild beyond this proof-of-concept. µ