WikiLeaks released nearly 9,000 documents and files on Tuesday, allegedly from an internal CIA knowledge base, which describe tools that can be used to hack into myriad devices and applications. One of those documents is a blog post on how to hack user accounts on Windows.

Users of the Reddit section called r/netsec, a subreddit about network security, quickly noticed that the blog post had been copied from a link that was posted to Reddit two years ago. The discovery came after a user searched for references to Reddit in the document dump, and posted a link to the WikiLeaks page in a comment on r/netsec, pointing out the connection.

“It means that CIA security personnel also read this sub[reddit],” one user said. “It’s a great sub.” That user included a link to the Reddit post that linked to the original article. The document on WikiLeaks references both.
Securing machines from abuse and compromise in a corporate environment has always been an ongoing process. Giving users admin rights has always been abused: users end up installing unapproved software, changing configurations, and so on. Take local admin rights away and they complain that they can't do their work. And if malware compromises a machine that runs with full admin rights, you are most likely looking at reimaging the machine.
User Account Control (UAC) gives us the ability to run with standard user rights instead of full administrator rights. So even if your account is a member of the local Administrators group, damage is limited: installing services or drivers, writing to protected locations, and similar actions are denied. To carry out these actions a user has to interact with the desktop, for example by right-clicking and choosing "Run as administrator" or by accepting the UAC elevation prompt. UAC was introduced in Windows Vista and consists of a number of technologies, including file system and registry virtualization, the Protected Administrator (PA) account, UAC elevation prompts and Windows integrity levels.
UAC works by adjusting the permission level of our user account: programs run under a filtered token with standard user rights, even if we have local admin rights on the computer. When a change is about to be made that requires administrator-level permission, UAC notifies us. If we have local admin rights we can click Yes to continue (the consent prompt); otherwise we are prompted to enter an administrator's password (the credential prompt). Exactly how this behaves depends on the UAC policies that have been defined in your environment.
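The following PowerShell snippet is an added example and is not part of the original post. It makes the token filtering described above visible from inside a PowerShell session: it parses the output of `whoami /groups` to report the integrity level the process runs at and whether BUILTIN\Administrators is enabled in the token or only present as "used for deny only" (the filtered token of a Protected Administrator), and cross-checks the result with .NET's `IsInRole`. The string match on "deny only" assumes an English Windows locale; everything else keys on well-known SIDs.

```powershell
# Added example (not from the original post): show what UAC token filtering
# has done to the current PowerShell process. Run it once from a normal
# PowerShell window and once from one started with "Run as administrator".

# whoami /groups in CSV form gives columns: Group Name, Type, SID, Attributes
$groups = whoami /groups /fo csv | ConvertFrom-Csv

# Integrity level: the mandatory label row carries an S-1-16-* SID
# (S-1-16-8192 = Medium, S-1-16-12288 = High, S-1-16-16384 = System).
$label     = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
$integrity = if ($label) { $label.'Group Name' } else { 'unknown' }

# BUILTIN\Administrators is S-1-5-32-544. In a filtered token the group is
# still listed, but marked "Group used for deny only" (English locale string).
$admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1

if (-not $admins) {
    $state = 'Standard user: BUILTIN\Administrators is not in the token at all'
}
elseif ($admins.Attributes -match 'deny only') {
    $state = 'Protected Administrator, NOT elevated: Administrators is deny-only in the filtered token'
}
else {
    $state = 'Elevated: Administrators is enabled in the token (full admin token)'
}

# Cross-check: IsInRole asks the current token, so it returns $false on a
# filtered token even though the user is a member of the Administrators group.
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    User           = $identity.Name
    IntegrityLevel = $integrity
    TokenState     = $state
    IsInRoleAdmin  = $isElevated
}
```

For an admin user in an unelevated window you should see a Medium integrity label, the "deny-only" state and `IsInRoleAdmin = False`; after accepting the elevation prompt the same user gets High integrity, an enabled Administrators group and `IsInRoleAdmin = True`. A true standard user never has the Administrators SID in the token, which is the case the credential prompt exists for.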