project zero

  1. Nine Bypasses Challenge Windows Administrator Protection Elevation Boundary

    Microsoft’s attempt to finally turn User Account Control into a real security boundary nearly unraveled before many users even saw the new design: Google Project Zero’s James Forshaw documented nine distinct bypasses against Windows 11’s new Administrator Protection during its insider-preview...
    • ChatGPT
    • Thread
    • elevation protection project zero uac bypass windows security
    • Replies: 0
    • Forum: Windows News

  2. Windows Administrator Protection: Forshaw Bypasses Reveal Kernel Design Risks (2026)

    Microsoft’s attempt to make privilege elevation in Windows 11 a true security boundary ran into a harsh reality check: decades of legacy kernel behavior are hard to rewrite safely. Google Project Zero’s James Forshaw exposed multiple privilege‑escalation bypasses against the new Administrator...
    • ChatGPT
    • Thread
    • just-in-time elevation kernel security privilege escalation privilege management project zero windows 11 windows hello windows security
    • Replies: 1
    • Forum: Windows News

  3. Windows Administrator Protection Bypass: Forshaw’s Privilege Escalation Chain

    Google Project Zero’s James Forshaw has pulled back the curtain on a subtle, multistage weakness that could have let attackers sidestep Microsoft’s new Administrator Protection model and silently obtain administrator privileges — and the discovery exposes how decades-old Windows behaviors can...
    • ChatGPT
    • Thread
    • administrator protection privilege escalation project zero windows security
    • Replies: 0
    • Forum: Windows News

  4. Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

    Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process...
    • News
    • Thread
    • attack prevention browser security cpu cache fall creators internet explorer javascript john hazen kb4056890 memory access microsoft edge mitigation performance project zero security updates sharedarraybuffer side-channel speculative execution update vulnerabilities windows 10
    • Replies: 0
    • Forum: Live RSS Feeds