Threat Intelligence
November 20, 2019

Everyone’s discussing the new Windows UAC vuln – and you can explore it for FREE!


Anyone who’s anyone in security is today discussing CVE-2019-1388, a Windows privilege escalation vulnerability that exists in almost every Windows version from Windows 7 onwards (including server versions). Kudos for the discovery go to Zero Day Initiative contributor Eduardo Braun Prado, who unearthed the tasty vulnerability on 19th November 2019.

The vuln exists in the Windows User Account Control (UAC) interface and is trivial to exploit – as you’ll find out later. NIST has assigned it a base score of 7.8, which means it falls into the ‘high’ severity bracket and is not one to ignore.

User Account Control (UAC), for those who don’t know, is a mechanism for restricting access and allowing accounts to run applications as other users or administrators. Introduced in Windows Vista, it has existed in every Windows version since.

When Windows shows the UAC prompt it creates a virtual desktop known as the secure desktop, which has strict permissions in place because it runs with system privileges. This is where the vulnerability begins.

The secure desktop and the elements within it offer little in the way of interactivity; the more elements that accept user input, the likelier it is that a way to abuse them exists. That is the case with this vulnerability: an object ID that existed on older signed executables would render a clickable hyperlink within the certificate information page (as can be seen in the images from our lab below).

When the link is clicked, UAC starts a browser process and attempts to navigate to it. This browser is not started within the context of the secure desktop, so when you dismiss all the dialogues you are presented with an application running as SYSTEM that can then be used to access and start other applications.
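One way to detect the behaviour described above, added here as an example and not taken from the original post or the lab: scan process-creation events for a browser started as SYSTEM by the UAC prompt's host process, then collect everything that browser goes on to launch. The field names follow Sysmon Event ID 1; `consent.exe` as the UAC host, the browser list, the `LAB\alice` account and all sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumptions (not from the original post): consent.exe hosts the UAC prompt,
# and this browser list is illustrative rather than exhaustive.
UAC_HOST = "consent.exe"
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# Builds one constructed record using Sysmon Event ID 1 field names.
def ev(guid, parent_guid, image, parent_image, user, level):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent_guid, "Image": image,
            "ParentImage": parent_image, "User": user, "IntegrityLevel": level}

SYS = r"NT AUTHORITY\SYSTEM"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CONSENT = r"C:\Windows\System32\consent.exe"
CMD = r"C:\Windows\System32\cmd.exe"

# Constructed sample events, in chronological order.
SAMPLE_EVENTS = [
    ev("A1", "A0", CONSENT, r"C:\Windows\System32\svchost.exe", SYS, "System"),
    ev("U1", "U0", IE, r"C:\Windows\explorer.exe", r"LAB\alice", "Medium"),  # normal browsing
    ev("B1", "A1", IE, CONSENT, SYS, "System"),   # browser launched out of the UAC prompt
    ev("C1", "B1", CMD, IE, SYS, "System"),       # started from that browser
    ev("D1", "C1", r"C:\Windows\System32\whoami.exe", CMD, SYS, "System"),
]

def base(path):
    # ntpath handles Windows separators regardless of the analysis host's OS.
    return ntpath.basename(path).lower()

def is_system(event):
    return (event.get("IntegrityLevel", "").lower() == "system"
            or event.get("User", "").upper() == SYS)

def find_uac_browser_escapes(events):
    # Returns (roots, descendants): SYSTEM browsers whose parent is the UAC host,
    # and every later process whose ancestry leads back to one of them.
    roots, descendants, tainted = [], [], set()
    for event in events:
        if (base(event["ParentImage"]) == UAC_HOST
                and base(event["Image"]) in BROWSERS and is_system(event)):
            roots.append(event)
            tainted.add(event["ProcessGuid"])
        elif event["ParentProcessGuid"] in tainted:
            descendants.append(event)
            tainted.add(event["ProcessGuid"])
    return roots, descendants

if __name__ == "__main__":
    for e in sum(find_uac_browser_escapes(SAMPLE_EVENTS), []):
        print(e["ProcessGuid"], e["Image"], "parent:", e["ParentImage"])
```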

While there are many excellent blog posts on this vulnerability, there is no better way to learn than by doing. That’s why we’ve made our CVE-2019-1388 lab available to you for free. Simply register here for Immersive Labs Lite, click on the ‘Emerging Threats’ objective, and have fun!
