AVGater: Getting Local Admin by Abusing the Anti-Virus Quarantine


Bugbatter
...an issue that can be exploited by any local user to gain full control over the endpoint by abusing the restore from quarantine Anti-Virus feature.

And because every new vulnerability needs its own name and logo, I want to introduce you to #AVGater:

https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-