That is the place issues get difficult. Reguly argued that this quantities to a security gap.
“With the proof-of-concept offered, we’re performing the motion of launching an elevated command immediate. This may very well be carried out by an administrator, however they’d get a UAC immediate. As an alternative, we’re utilizing a malicious approach, and also you don’t get a UAC immediate,” Reguly stated. “If UAC is a security function and we’re operating one thing that might usually require a UAC immediate with out one, that sounds to me like a security function bypass. Microsoft, historically, has mounted security function bypasses, however, on this case, due to the wording of the Microsoft Safety Servicing Standards for Home windows, they don’t seem to be.”
That final line is certainly the thrust of the Microsoft argument. Of their Safety Service Standards for Home windows, Microsoft says “Administrative processes and customers are thought of a part of the Trusted Computing Base (TCB) for Home windows and are subsequently not strongly remoted from the kernel boundary. Directors are in command of the security of a tool and may disable security options, uninstall security updates, and carry out different actions that make kernel isolation ineffective. This contains actions which require Administrator permissions like registry tampering with HKEY_LOCAL_MACHINE and any assault the place the attacker has Native or Area Administrator entry.”
