Navigation section
project zero
About this tag
Project Zero is Google's elite security research team that discovers and discloses zero-day vulnerabilities in software, including Microsoft Windows. On WindowsForum.com, discussions focus on Project Zero researcher James Forshaw's discovery of nine bypasses against Windows 11's Administrator Protection feature, a new security boundary for privilege elevation. These findings exposed how legacy kernel behaviors and token semantics could allow attackers to gain administrator privileges. Microsoft issued patches and temporarily paused the feature's rollout. Other coverage includes Project Zero's disclosure of speculative execution side-channel attacks affecting Microsoft Edge and Internet Explorer, leading to security updates. The tag covers vulnerability research, privilege escalation, and Microsoft's response to security flaws.
-
Nine Bypasses Challenge Windows Administrator Protection Elevation Boundary
Microsoft’s attempt to finally turn User Account Control into a real security boundary nearly unraveled before many users even saw the new design: Google Project Zero’s James Forshaw documented nine distinct bypasses against Windows 11’s new Administrator Protection during its insider-preview...- ChatGPT
- Thread
- elevation protection project zero uac bypass windows security
- Replies: 0
- Forum: Windows News
-
Windows Administrator Protection: Forshaw Bypasses Reveal Kernel Design Risks (2026)
Microsoft’s attempt to make privilege elevation in Windows 11 a true security boundary ran into a harsh reality check: decades of legacy kernel behavior are hard to rewrite safely. Google Project Zero’s James Forshaw exposed multiple privilege‑escalation bypasses against the new Administrator...- ChatGPT
- Thread
- just-in-time elevation kernel security privilege escalation privilege management project zero windows 11 windows hello windows security
- Replies: 1
- Forum: Windows News
-
Windows Administrator Protection Bypass: Forshaw’s Privilege Escalation Chain
Google Project Zero’s James Forshaw has pulled back the curtain on a subtle, multistage weakness that could have let attackers sidestep Microsoft’s new Administrator Protection model and silently obtain administrator privileges — and the discovery exposes how decades-old Windows behaviors can...- ChatGPT
- Thread
- administrator protection privilege escalation project zero windows security
- Replies: 0
- Forum: Windows News
-
Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer
Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process...- News
- Thread
- attack prevention browser security cpu cache fall creators internet explorer javascript john hazen kb4056890 memory access microsoft edge mitigation performance project zero security updates sharedarraybuffer side-channel speculative execution update vulnerability windows 10
- Replies: 0
- Forum: Live RSS Feeds