A security vulnerability report claimed that they were able to bypass a security feature in three easy steps:<\/p>\n
The security feature is now disabled!<\/p>\n
Well yeah, because you disabled it.<\/p>\n
The Enabled<\/tt> registry value is in the HKEY_
This is cut-and-dried but it’s really surprising how often people appear to be concerned that an administrator<\/i> can compromise security.<\/p>\n
No really, variations on this non-vulnerability are reported a lot<\/i>. They all boil down to, “I found a security vulnerability: An administrator can disable a security feature!” Sometimes, they even admit it themselves: “You must run the PoC as an administrator.” Other times, they confess to not being an expert on the subject: “I am not a security expert, but I can confidently say that I can bypass the security feature using this method.”<\/p>\n
Bonus chatter<\/b>: Here’s another example of a vulnerability report in this category.<\/p>\n A malicious driver can bypass or disable Windows security features.<\/p>\n Step 1: Open an elevated command prompt.<\/p>\n \u2026<\/p>\n<\/blockquote>\n Okay, I’m just going to stop you right there. If your first step is “open an elevated command prompt”, then you don’t need to do all those sneaky things to install the malicious driver in the super-clever way so that it can bypass and disable Windows security features. From the elevated command prompt, you can just disable the security features directly!<\/p>\n","protected":false},"excerpt":{"rendered":" At least they don’t beat around the bush.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-110103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":" At least they don’t beat around the bush.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/110103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=110103"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/110103\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=110103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=110103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=110103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n