Page 1 of 1

Why Microsoft don't block elevation runas?

PostPosted:Sun Apr 28, 2019 6:47 pm
by zer0cat
As we all know, in the Windows there is an integrity level. But there is an opportunity to raise it, quite legally, without any exploits. Through the function ShellExecute Runas.

Malware calls this functuin in a loop, and reaches admin privileges. The user can not cancel it, because malware call it in an infinite (or very big) loop.

Why is that? Why Microsoft can not somehow track this and ban? What is the point of integrating, if each application can become an administrator?

Re: Why Microsoft don't block elevation runas?

PostPosted:Mon Apr 29, 2019 3:06 am
by EP_X0FF
zer0cat wrote: Sun Apr 28, 2019 6:47 pmMalware calls this functuin in a loop, and reaches admin privileges. The user can not cancel it, because malware call it in an infinite (or very big) loop.
You can always press ctrl+alt+del and logoff thus terminating any elevation requestors.
What is the point of integrating, if each application can become an administrator?
That's the point of it actually.

Re: Why Microsoft don't block elevation runas?

PostPosted:Tue Apr 30, 2019 2:35 am
by Brock
Why is that? Why Microsoft can not somehow track this and ban?
Kinda like a cheater/hacker in Counter-Strike? KEWL!!! =]

Re: Why Microsoft don't block elevation runas?

PostPosted:Sun May 05, 2019 10:05 pm
by zer0cat
EP_X0FF wrote: You can always press ctrl+alt+del and logoff thus terminating any elevation requestors.
I don't know it. :love: