Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it’s not really a vulnerability.

  • BearOfaTime@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    “The account from which the attack is launched must be a member of the local admin group”

    Umm, so let me get this straight, so a local admin can fuck up a system?

    I’m shocked.

    Just another example of why we don’t let users be member of the admin group.