this post was submitted on 27 Sep 2024
5 points (100.0% liked)

Pulse of Truth

493 readers
133 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago
MODERATORS
krogoth@infosec.pub
5
Novel Exploit Chain Enables Windows UAC Bypass (www.darkreading.com)
submitted 1 month ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub
1 comments fedilink hide all child comments
 

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.

top 1 comments
sorted by: hot top controversial new old
[–] BearOfaTime@lemm.ee 2 points 1 month ago* (last edited 1 month ago)

"The account from which the attack is launched must be a member of the local admin group"

Umm, so let me get this straight, so a local admin can fuck up a system?

I'm shocked.

Just another example of why we don't let users be member of the admin group.