A Google security researcher discovered a bug that grants extra permissions to standard Windows accounts. After waiting 90 days with no response from Microsoft, the researcher disclosed the vulnerability.
Let's start from the beginning: a Google researcher named Forshaw discovered and disclosed a Windows privilege escalation bug.
He contacted both Microsoft and Google to inform the companies about the vulnerability. Forshaw also included a demonstration of the vulnerability (PoC) in his report. He says he has only tested it on a system with up-to-date Windows 8.1 and that it is unclear whether older versions such as Windows 7 are vulnerable.
The vulnerability was found in AhcVerifyAdminContext. It is an internal function, not a public API, judging by searches at microsoft.com.
The proof of concept (PoC) includes two program files and a set of instructions for running it. The result is that the Windows calculator runs with administrator rights. Forshaw stated that the bug is not in UAC itself, but that UAC is used in part to demonstrate the bug.
Forshaw posted his disclosure privately on September 30. At the end of the post he said: “This bug is subject to a 90 day notification period. If 90 days pass without an updated version of the code being widely available, then the bug report will automatically become publicly visible.”