Bypassing Windows Administrator Protection
Summary
A Google Project Zero researcher analyzed Windows 11's new Administrator Protection feature, designed to replace UAC, and discovered nine vulnerabilities allowing silent privilege escalation. Microsoft fixed all reported vulnerabilities before or shortly after the feature's official release. However, Microsoft has disabled the feature due to an application compatibility issue.
IFF Assessment
The vulnerabilities were found and fixed before widespread exploitation, and the feature is currently disabled, reducing immediate risk.
Severity
Defender Context
While the discovered vulnerabilities are patched, defenders should remain vigilant for similar bypasses of privilege elevation mechanisms. Regularly monitor Microsoft security bulletins and test new features in pre-production environments. The temporary disabling of the feature suggests a need for robust compatibility testing prior to feature releases.