google-project-zero · Crawled Jul 5, 2026

Bypassing Administrator Protection by Abusing UI Access


AI Summary

A researcher discovered multiple bypasses for Windows Administrator Protection by exploiting UI Access, a feature designed to allow accessibility tools to interact with higher integrity processes. The bypasses leverage flaws in secure directory checks, repurposing legitimate UI Access executables, shared user profiles, insecure RPC handling, and access token manipulation. These techniques allow a limited user to silently elevate privileges and compromise administrator-level processes without consent prompts, undermining the security boundary intended by Administrator Protection.

AI-extracted · verify before operational use

Indicators of Compromise (2 extracted)

Type      Value
Filename  osk.exe
Filename  cleanmgr.exe