Sunday, March 6, 2016

If you can install arbitrary software, you're an administrator

Today I interacted with someone who wanted to allow a certain non-administrator user account to bypass UAC and access controls for the purpose of installing software. I explained that there's no way sufficient permissions for installing arbitrary programs can be granted without effectively making that user an administrator.

The first problem is that it's not possible to perfectly differentiate between setup programs and utilities that whack important things. Being able to write to admin-only locations (Program Files, Windows, HKLM, HKCR) also allows one to modify existing programs. An attacker would swap a legitimate, frequently-run program out for a malicious one, then wait for a full admin to run it; then bad things happen and the system is compromised. Likewise, a user who can create or modify Windows services can execute arbitrary code at the highest level of privilege.
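To check whether a machine has already drifted into this state, the following PowerShell audit lists non-administrative principals that hold write-type rights on the locations named above. It is an added example, not part of the original post; the trusted-SID list and the choice of the `Services` registry key as a stand-in for service configuration are assumptions, and only the top-level ACL of each location is inspected.

```powershell
# Added example (not from the original post). Top-level ACLs only, no recursion.
# Principals expected to hold write access, by well-known SID (assumed baseline).
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (inherit-only placeholder)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Write-type access bits. File and registry rights share these positions:
# 0x2 WriteData/SetValue, 0x4 AppendData/CreateSubKey, 0x10000 Delete,
# 0x40000 ChangePermissions, 0x80000 TakeOwnership,
# 0x40000000 GENERIC_WRITE, 0x10000000 GENERIC_ALL.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
             -bor 0x40000000 -bor 0x10000000

$targets = @(
    $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir,
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services',
    'Registry::HKEY_CLASSES_ROOT'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($path in $targets) {
    $acl = Get-Acl -LiteralPath $path
    # Ask for explicit and inherited rules with identities expressed as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        $rights = if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
            $rule.FileSystemRights
        } else {
            $rule.RegistryRights
        }
        if (([int]$rights -band $writeMask) -eq 0) { continue }
        # Resolve a display name where possible; fall back to the raw SID.
        $name = try {
            $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $sid }
        [pscustomobject]@{ Path = $path; Principal = $name; Sid = $sid; Rights = $rights }
    }
}
$findings | Format-Table -AutoSize
```

Any row in the output is a principal outside the trusted list that can modify one of these locations, and so is in the position the paragraph above describes.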

Many think the Power Users group is some sort of magic compromise that allows non-admins to install software, but it's only a small step from membership in Power Users to being a full administrator. This is what Microsoft support has to say about that issue:

"Do not use the Power Users group."
