Windows UAC Bypass Exploit Sparks Debate: Microsoft Rejects CVE-2024-6769 as a ‘Real’ Vulnerability


A New Threat: CVE-2024-6769 UAC Bypass

Cybersecurity researchers have identified a new exploit chain in Windows, designated CVE-2024-6769, that enables attackers to bypass User Access Control (UAC) and gain full administrative privileges without triggering any security alerts. Despite the significant security risks, Microsoft has downplayed the issue, stating that it is not a true vulnerability, which has fueled debate within the cybersecurity community.

Fortra, the company that discovered the exploit, assigned a medium severity score of 6.7 on the Common Vulnerability Scoring System (CVSS). According to Fortra’s research, the exploit could allow attackers to manipulate critical system files, including those in C:\Windows, potentially leading to system shutdowns or unauthorized file alterations.

Understanding UAC and Mandatory Integrity Control (MIC)

To fully grasp the potential danger of CVE-2024-6769, it’s important to revisit the concept of Mandatory Integrity Control (MIC), introduced in Windows Vista. MIC assigns an integrity level to every user, process, and resource, and UAC is designed to keep processes running at medium integrity by default. Admin-level actions require explicit user consent, which adds a further layer of protection.
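To make the integrity-level model concrete, the following PowerShell script is an added example (not code from the article, Fortra, or Microsoft). It reports the integrity label and elevation state of the token the shell is running under, then reads the registry values that govern UAC prompting and flags the settings that weaken it. The registry key and value names are the documented UAC policy values; the finding text is my own wording.

```powershell
# Added example: inspect the current token's integrity level and audit UAC policy.
# Runs on Windows PowerShell 5.1 or PowerShell 7 on Windows; no elevation needed.

function Get-TokenIntegrity {
    # The token's integrity label shows up in `whoami /groups` as a pseudo-group
    # named "Mandatory Label\<Level> Mandatory Level" (Low, Medium, High, System).
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = ($groups | Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }).'Group Name'

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # For a UAC-filtered (non-elevated) admin token, IsInRole returns $false because
    # the Administrators group is present only as a deny-only SID in that token.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        User           = $identity.Name
        IntegrityLabel = $label
        Elevated       = $elevated
    }
}

function Get-UacPolicy {
    # UAC behaviour is controlled by these policy values. Missing values read as $null,
    # which the comparisons below treat as "not the secure setting".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    $findings = @()

    if ($p.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is off and every admin process runs at high integrity.'
    }
    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 1/2 = prompt on the secure
    # desktop, 3/4 = prompt on the normal desktop, 5 = prompt only for non-Windows binaries.
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: admins are elevated without any prompt.'
    }
    if ($p.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: prompts appear on the interactive desktop, where other processes can interact with them.'
    }

    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Findings                   = $findings
    }
}

Get-TokenIntegrity | Format-List
Get-UacPolicy      | Format-List
```

Run it once from a normal prompt and once from an elevated one: the same admin account shows `Medium Mandatory Level` with `Elevated = False` in the first case and `High Mandatory Level` with `Elevated = True` in the second, which is exactly the boundary a UAC bypass steps over without the consent prompt. An empty `Findings` list means the host still has the default prompting behaviour in place.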

However, Fortra’s proof-of-concept demonstrates how this system can be bypassed. By combining multiple exploit techniques, attackers can evade the security boundaries imposed by UAC, allowing them to inject malicious code and gain full administrative control of a system.

Microsoft Dismisses CVE-2024-6769 as a Vulnerability

Despite the risks posed by this exploit, Microsoft has rejected the idea that CVE-2024-6769 is a genuine vulnerability. According to the company’s security servicing criteria, UAC bypasses do not violate robust security boundaries because admin users are already considered part of the system’s Trusted Computing Base (TCB). In their view, this exploit simply takes advantage of permissions that admins inherently have.

A Microsoft spokesperson clarified, “The method requires membership in the Administrator group, so the so-called technique is just leveraging an intended permission or privilege which does not cross a security boundary.”

Fortra’s Response: UAC as a Security Feature

Fortra strongly disagrees with Microsoft’s stance, emphasizing that UAC is widely seen as a security feature meant to safeguard systems from unauthorized privilege escalation. Tyler Reguly, associate director of security R&D at Fortra, believes Microsoft’s position undermines the very purpose of UAC. “If UAC isn’t considered a security feature, then why promote it as such?” he questioned.

Reguly added that while Microsoft sees the admin-to-system boundary as nonexistent, this bypass still poses significant risks to businesses and organizations, particularly if an attacker gains admin access.

What Businesses Need to Know

Regardless of Microsoft’s view, Fortra stresses that companies should take the risk of CVE-2024-6769 seriously. If an attacker uses this exploit, they could gain control over critical system files, disable security measures, and deploy malware—potentially causing extensive damage.

For administrators, Reguly advises exercising caution and ensuring that they do not run unverified binaries. While only administrators are impacted by this exploit, businesses should remain vigilant to avoid falling victim to privilege escalation attacks.
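One practical way to act on the "no unverified binaries" advice is to check a file's Authenticode signature and hash before launching it from an admin session. The script below is an added example, not code from the article or from Fortra; `Test-BinaryTrust` and `Invoke-IfTrusted` are names I chose, the `-TrustedSigners` allow-list is an optional assumption supplied by the caller, and the `C:\Tools` folder in the usage lines is a placeholder.

```powershell
# Added example: refuse to launch binaries whose Authenticode signature is not valid
# (or whose signer is not on an optional allow-list). Windows PowerShell 5.1 / PowerShell 7.

function Test-BinaryTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Optional allow-list of certificate subjects; empty means any valid signature passes.
        [string[]]$TrustedSigners = @()
    )
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $hash   = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 'Valid' means the file is signed, the hash matches and the chain is trusted;
    # NotSigned, HashMismatch and NotTrusted are all rejected.
    $trusted = ($sig.Status -eq 'Valid') -and
               ($TrustedSigners.Count -eq 0 -or $TrustedSigners -contains $signer)

    [pscustomobject]@{
        Path    = $Path
        Sha256  = $hash
        Status  = $sig.Status
        Signer  = $signer
        Trusted = $trusted
    }
}

function Invoke-IfTrusted {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$TrustedSigners = @(),
        [string[]]$ArgumentList   = @()
    )
    $check = Test-BinaryTrust -Path $Path -TrustedSigners $TrustedSigners
    if (-not $check.Trusted) {
        Write-Warning ("Refusing to run {0}: status {1}, signer '{2}'" -f $Path, $check.Status, $check.Signer)
        return $check
    }
    # Start-Process rejects an empty -ArgumentList, so only pass it when there are arguments.
    $startArgs = @{ FilePath = $Path; Wait = $true }
    if ($ArgumentList.Count -gt 0) { $startArgs.ArgumentList = $ArgumentList }
    Start-Process @startArgs
    return $check
}

# Usage: a known-good Windows binary, then an audit of a placeholder tools folder.
Test-BinaryTrust -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
Get-ChildItem -Path 'C:\Tools\*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { Test-BinaryTrust -Path $_.FullName } |
    Where-Object { -not $_.Trusted } |
    Format-Table Path, Status, Signer -AutoSize
```

The SHA256 value in the output is there so an operator can compare it against the vendor's published hash before the first run; a valid signature alone says who signed the file, not that it is the build you expected. The allow-list form (`-TrustedSigners @('CN=...')`) is the stricter mode to use on hosts where only a handful of publishers should ever be launched with admin rights.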
