25 matches found
Bypassing Administrator Protection by Abusing UI Access
Posted by James Forshaw In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses...
📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass
This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...
Bypassing Windows Administrator Protection
Posted by James Forshaw A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control UAC with a more robust and importantly, securable system to allow a local user to access administrator privilege...
📄 Microsoft Windows 11 Administrator Protection Bypass / Privilege Escalation
Microsoft Windows 11 suffers from an administrator protection bypass local privilege escalation vulnerability. Proof of concept Metasploit module included. =============================================================================================================================================...
CVE-2025-60721
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60718
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60721
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60718
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60721
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60718
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60721
CVE-2025-60721 is a Windows Administrator Protection elevation-of-privilege vulnerability described as a privilege context switching error that could allow an authorized local attacker to elevate privileges. The CVE entry is corroborated by multiple sources in the Connected documents, including M...
CVE-2025-60721 Windows Administrator Protection Elevation of Privilege Vulnerability
...
CVE-2025-60721 Windows Administrator Protection Elevation of Privilege Vulnerability
...
CVE-2025-60721
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
CVE-2025-60718 Windows Administrator Protection Elevation of Privilege Vulnerability
...
CVE-2025-60718 Windows Administrator Protection Elevation of Privilege Vulnerability
...
CVE-2025-60718
CVE-2025-60718 is a Windows Administrator Protection elevation-of-privilege flaw caused by an untrusted search path. Affected software is Windows 11 (24H2 and 25H2); base CVSS v3.1 7.8 (Local, Privilege Escalation, high impact to confidentiality, integrity, and availability). Microsoft advises ap...
EUVD-2025-93412
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
Windows Administrator Protection Elevation of Privilege Vulnerability
Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...
Windows Administrator Protection Elevation of Privilege Vulnerability
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally...