Lead Image © Romolo Tavani, 123RF.com

Windows Administrator Protection replaces UAC

The Weakest Link

Article from ADMIN 90/2025
Administrator Protection replaces the deprecated User Account Control with state-of-the-art protection that uses the principle of least privilege and just-in-time privilege assignment.

Microsoft unveiled its new Secure Future Initiative (SFI) for Windows at Microsoft Ignite. The focus is on Administrator Protection, which is set to replace the deprecated User Account Control. Current statistics from the Microsoft Digital Defense Report 2024 [1] show an alarming 39,000 incidents of admin rights abuse every day, making better protection for local accounts a top priority.

Microsoft introduced User Account Control (UAC) in Windows Vista. Although it requires users to confirm actions with admin authorization, the protection turned out to be incomplete. Microsoft is now looking to improve protection for Windows 11 workstations and replace UAC with Administrator Protection [2]. In this article, I show you what this new feature is all about and present several arguments to explain why switching to a state-of-the-art protection setup makes sense.

At its core, Administrator Protection is based on the principle of least privilege. This new approach replaces permanent admin accounts that have excessive privileges with a system-managed admin account (the Super Administrator account) that only grants privileges dynamically when they are needed; otherwise, the account is completely protected.

UAC Weaknesses

User Account Control in Windows 11 distinguishes between standard and administrator accounts. When a UAC prompt appears, an access token is created granting the administrative privileges required for the requested action. The biggest weakness of this approach is that the extended token remains assigned to the process until the process terminates, which gives attackers an opening for token-spoofing attacks that exploit the extended rights of an existing process to carry out malicious actions.
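To see which approval mode a workstation is using and what kind of token the current session holds, the following PowerShell script (an added example, not code from the article) reads the UAC policy values and reports the token elevation type of the running process. The function names are hypothetical, and the reading of `TypeOfAdminApprovalMode = 2` as "Administrator Protection enabled" is an assumption taken from Microsoft's policy documentation, not from this article.

```powershell
# Added example: audit UAC policy and the elevation type of this process token.
# Read-only; it inspects only the current process.

# P/Invoke wrapper; -MemberDefinition imports System and InteropServices for us.
Add-Type -Namespace Audit -Name Token -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(
    IntPtr token, int infoClass, out int info, int length, out int returned);
'@

function Get-UacPolicy {
    # Values that are not configured come back as $null.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                  # 0 = UAC off
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate silently
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        TypeOfAdminApprovalMode    = $p.TypeOfAdminApprovalMode
        # Assumption: 2 selects Admin Approval Mode with Administrator Protection.
        AdministratorProtection    = ($p.TypeOfAdminApprovalMode -eq 2)
    }
}

function Get-TokenElevationType {
    # TOKEN_INFORMATION_CLASS 18 = TokenElevationType (a 4-byte enum).
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $value = 0
    $size  = 0
    $ok = [Audit.Token]::GetTokenInformation($identity.Token, 18,
                                             [ref]$value, 4, [ref]$size)
    if (-not $ok) { throw 'GetTokenInformation failed for the current token.' }
    switch ($value) {
        1 { 'Default (no linked token: standard user, or UAC disabled)' }
        2 { 'Full (elevated half of a split token)' }
        3 { 'Limited (filtered half of a split token)' }
        default { "Unknown ($value)" }
    }
}

Get-UacPolicy | Format-List
"Current token elevation type: $(Get-TokenElevationType)"
```

Run it once from a normal prompt and once from an elevated one: under classic UAC the same administrator account reports `Limited` and then `Full`, and the `Full` token stays with that process for its whole lifetime.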

The UAC bypass issue is another major headache,

...