Two researchers have found a major security gap in Windows 10, and Microsoft has no plans to address it…
According to Laptop Magazine, two security researchers, Matt Graeber and Matt Nelson, found a security vulnerability in Windows 10's User Account Control (UAC). UAC's function is to block unwanted programs and malware from executing. However, the issue involves how the SilentCleanup process can be leveraged to let malware bypass UAC. Graeber and Nelson outlined this flaw on the enigma0x3 website; Microsoft, however, denies that the problem creates any kind of security gap, because it does not categorize UAC as a security feature.
If Microsoft does not see it as a security issue, then what exactly are the security researchers claiming? First, the magnitude of the issue comes from privilege rights within the system itself. The vulnerability allows malware to get into SilentCleanup, which works within Disk Cleanup. SilentCleanup and Disk Cleanup run at the highest privilege, meaning that if any kind of malware is given access, it can corrupt your entire system. Graeber and Nelson suggested that Microsoft decrease these rights if it indeed has no intention of fixing the security hole. Doing so would reduce the amount of damage that can be done if and when a malware attack takes place.
Now, to the root of the problem: how the malware actually gets into the system. Disk Cleanup creates a temporary folder filled with Dynamic Link Library (.DLL) files. Since Windows gives users write-level access to this temporary directory, Graeber and Nelson discovered that any other .DLL could be dropped into this folder and then run with the highest privileges.
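The condition described above (a process running with the highest privileges loading a .DLL from a directory the user can write to) can be hunted for in endpoint telemetry. The following is an added example, not code from the researchers or from Microsoft: it correlates process-create and image-load records whose field names follow Sysmon's EventID 1 and EventID 7. The sample events, the file names in them and the default per-user temp path are constructed assumptions.

```python
import json
import re

# Default per-user temp location (assumption; adjust if %TEMP% is redirected).
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
ELEVATED = {"High", "System"}

# Constructed sample events, not real telemetry. One JSON record per line.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessGuid": "G1", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\helper.exe", "IntegrityLevel": "High"}
{"EventID": 7, "ProcessGuid": "G1", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\helper.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true"}
{"EventID": 7, "ProcessGuid": "G1", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\helper.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\support.dll", "Signed": "false"}
{"EventID": 1, "ProcessGuid": "G2", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe", "IntegrityLevel": "Medium"}
{"EventID": 7, "ProcessGuid": "G2", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\plugin.dll", "Signed": "false"}
{"EventID": 7, "ProcessGuid": "G1", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\helper.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\JOB-0001\\signed.dll", "Signed": "true"}
"""


def find_elevated_temp_loads(lines):
    """Flag DLLs loaded from a user temp directory by elevated processes."""
    integrity = {}  # ProcessGuid -> IntegrityLevel, learned from EventID 1
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev["EventID"] == 1:
            integrity[ev["ProcessGuid"]] = ev["IntegrityLevel"]
        elif ev["EventID"] == 7:
            level = integrity.get(ev["ProcessGuid"])
            # Only elevated processes matter: a medium-integrity load from
            # %TEMP% gains nothing the user did not already have.
            if level in ELEVATED and USER_TEMP.match(ev["ImageLoaded"]):
                findings.append({
                    "process": ev["Image"],
                    "dll": ev["ImageLoaded"],
                    "integrity": level,
                    # Unsigned modules are the stronger signal; signed ones
                    # still deserve a look because the directory is writable.
                    "severity": "high" if ev.get("Signed") != "true" else "review",
                })
    return findings


if __name__ == "__main__":
    for finding in find_elevated_temp_loads(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

The correlation relies on the process-create record arriving before that process's image-load records, which holds for the sample but should be handled with buffering on a live feed.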
So, if a user becomes the victim of a hacker dropping a malicious .DLL file into their Disk Cleanup, their entire system will become infected. I spoke with PC Matic’s Vice President of Cyber Security, Dodi Glenn, to determine what could be done to prevent infections, since Microsoft doesn’t plan to address the vulnerability. He reported PC Matic as a valid security solution. Here is exactly what Dodi had to say:
If you’re utilizing Windows 10, PC Matic proactively protects your computer from crippling executables and DLLs by scanning these files prior to execution. PC Matic features an intelligent whitelist technology, blocking any malicious DLLs and unknown applications from ever infecting your system.
There is an option to disable the UAC feature where this vulnerability is found. Graeber and Nelson provide a step-by-step guide on how to do so; however, I will warn you, it appears to be rather complicated.