Windows Administrator Protection: Forshaw Bypasses Reveal Kernel Design Risks (2026)

Microsoft’s attempt to make privilege elevation in Windows 11 a true security boundary ran into a harsh reality check: decades of legacy kernel behavior are hard to rewrite safely. Google Project Zero’s James Forshaw exposed multiple privilege‑escalation bypasses against the new Administrator Protection model during preview testing, and Microsoft quietly issued patches and then temporarily disabled the feature while it addresses compatibility and design hardening.

Background / Overview​

Administrator Protection is Microsoft’s next‑generation approach to replacing parts of the old User Account Control (UAC) model with a just‑in‑time, isolated elevation mechanism. Instead of granting an elevated token derived directly from the interactive user account, Windows creates a separate, system‑managed “shadow” administrator identity and issues a temporary, profile‑separated admin token for the single elevated operation. The token is ephemeral: it is issued on demand after interactive confirmation (for example, Windows Hello or credential input) and discarded when the elevated process exits. This design is intended to reduce exposure to credential theft, token abuse, and persistent auto‑elevation techniques.
The feature has been available only to Windows Insiders in experimental channels while Microsoft evaluates compatibility and telemetry; it was included in preview updates and optional rollups before a broader rollout was planned. Microsoft’s documentation and release notes describe Administrator Protection as part of a broader effort to enforce least privilege and make actual elevation events more observable to administrators.
Yet the transition from a split‑token UAC model to a shadow‑account model touches many long‑standing OS behaviors: logon session semantics, object namespace initialization, token ownership semantics, and kernel‑side object creation semantics. Forshaw’s testing—performed at Microsoft’s request and published by Project Zero—shows how a choreography of legitimate behaviors can be chained into practical local privilege escalation.

---

What Forshaw found: design gaps that become attack primitives​

James Forshaw’s writeup documents a family of bypasses—nine distinct techniques in total—that exploit subtle interactions between Administrator Protection’s new token issuance flow and legacy kernel behavior. The most important elements in the attack surface are:

• Per‑logon session DOS device directories (the kernel object namespace entry that resolves drive letters like C, which Windows lazily creates for each logon session.
• The fact that Administrator Protection creates a new logon session for each shadow admin token (the shadow admin tokens are not re‑used across elevations), so freshly created admin tokens do not have a pre‑initialized DOS device object directory.
• Kernel calls that create object directory entries using Zw‑style functions can temporarily bypass certain access checks during creation, enabling an attacker to influence ownership/ACLs during that window.
• Token impersonation semantics at identification level can lead to object creation using the owner SID from the primary token instead of the impersonation token, which — when combined with the above — lets a limited process cause a per‑logon DOS devices directory to be created under attacker‑controlled owner SIDs.

Put simply: Administrator Protection’s per‑elevation, per‑token logon semantics created a timing window where a limited process could cause an admin process’s view of the system drive (C to be mapped to a symlink the attacker controls. That redirection allows the attacker to control what files or DLLs the elevated process opens or loads, and thereby execute code in the elevated context—all without further user interaction.

The exploit choreography (high level)​

Forshaw reconstructs one particularly illustrative exploitation path as a sequence of practical steps that an attacker with local code execution can follow:

• Trigger a shadow admin process to be created for an elevation operation so a new elevated process exists (Windows may start it suspended during creation).
• Before the new elevated process opens any files (i.e., before the kernel initializes its per‑logon DOS device directory), open its process handle and duplicate its primary token as an identification token.
• Impersonate that identification token and cause the kernel to create the DOS device object directory for that logon session while the attacker is impersonating the token. The object is created with owner/ACL semantics that, through the timing and impersonation quirks, grant the attacker write access.
• Create a symlink in the new per‑logon DOS device directory that redirects C: to attacker‑controlled content.
• Resume the suspended elevated process; when it later opens files or loads DLLs, it resolves C: via the attacker‑controlled symlink and ends up loading attacker code in an admin context.

Forshaw emphasizes that this is not a single bug but a composite exploit built from five legitimate behaviors interacting in an unexpected way. The attack requires local code execution as a precondition—i.e., it is an elevation‑of‑privilege rather than a remote code‑execution vulnerability—but that makes it a powerful post‑compromise primitive for turning a limited foothold into full administrative control.

---

How Microsoft responded (and why the debate continued)​

Microsoft received Forshaw’s findings through responsible disclosure. The company published updates and rolled fixes into preview and security updates; Project Zero acknowledges that many of the reported issues were fixed in optional updates and later security bulletins.
However—critically—Project Zero published follow‑ups asserting that an initial fix for CVE‑2025‑60718 (the Administrator Protection elevation issue tracked publicly around the November rollup) was incomplete or did not fully eliminate the underlying attack primitives, and raised concerns about the residual attack surface. Independent coverage highlighted Project Zero’s claim that Microsoft’s patching and public communication were inadequate.
Microsoft’s own documentation later noted that Administrator Protection had been reverted in the October/November preview rollups and that the feature would roll out later after further work. Microsoft’s Administrator Protection documentation and release health pages reflect that the feature was pulled back from general availability while compatibility issues are addressed.
In parallel, other security updates intended to harden UAC and related elevation flows triggered compatibility problems for some applications and non‑admin workflows—an unrelated but operationally significant side effect that has complicated organizations’ ability to adopt preview fixes safely. Some updates caused unintended prompts and compatibility issues, leading Microsoft to provide Known Issue Rollback (KIR) guidance for enterprises.

---

Why legacy Windows behaviors still matter​

Windows is not a greenfield operating system; it’s an ecosystem with years of backward‑compatibility expectations and deeply entrenched kernel semantics. When a design change like Adminisers fundamental assumptions—such as how and when logon sessions are created or when DOS device directories are initialized—old corner cases can suddenly turn into new attack paths.
Two design lessons stand out:

• Small changes in token/logon session lifecycle can expose previously theoretical behaviors in a practical exploit chain. The lazy initialization of DOS device directories was known but not exploitable under classic UAC because linked tokens shared logon sessions; Administrator Protection’s per‑elevation new logon sessions removed that safety for a window.
• Kernel‑side object creation semantics (Zw vs Nt variants) and owner SID assignment rules are subtle but security‑critical. The object creation path that bypassed access checks during directory creation created the crucial timing window. These are low‑level implementation details that must be considered whenever you redesign a higher‑level security boundary.

Forshaw’s work is a reminder that complex systems require both threat modeling and assumption audits—explicit checks of old behaviors that a new design might rely on or unintentionally weaken.

---

Practical impact and exploitability​

• Exploit prerequisites: The documented bypasses are local elevation techniques. An attacker must already be able to execute code on the target as a limited user or otherwise place files in attacker‑writable locations that the elevation flow will enumerate. That means the bypasses are most valuable as post‑compromise escalation primitives rather than immediate remote‑attack vectors.
• Severity: Public vulnerability records and vendor advisories characterized some findings (CVE‑2025‑60718 and related work) as high severity (CVSS ~7.8), reflecting the impact of turning a low‑privilege local foothold into full administrative access.
• Real‑world exploitation: As of the public reporting, there was no widely confirmed active exploitation in the wild specifically tied to these Administrator Protection bypasses. That does not reduce the importance: elevation defects are frequently used in targeted attacks to widen access. Researchers stressed that fixes should be prioritized because these primitives materially improve the reliability of post‑exploit escalation.

---

Strengths and benefits of Administrator Protection (what it does right)​

Before criticizing design flaws, it’s important to acknowledge why Microsoft pursued Administrator Protection:

• True least‑privilege elevation — the shadow account model prevents day‑to‑day processes from carrying persistent admin tokens, reducing opportunities for malware to inherit or steal.
• Stronger authentication for elevation — tying elevation to Windows Hello or credential entry raises the difficulty of social‑engineering UAC prompts.
• Ephemeral tokens and profile separation — temporary, profile‑separated elevated sessions limit what elevated code can access in a user’s profile and reduce persistence of elevated privileges.
• Improved telemetry — Administrator Protection introduced new auditing/ETW events for elevation decisions, which helps defenders detect and investigate elevation activity.

Those improvements are the right long‑term direction for Windows security. The issue is n difficulty of achieving that goal without exposing latent OS behaviors that attackers can chain together.

---

Weaknesses, risks, and open questions​

• Complexity creates fragile assumptions. Administrator Protection intersects with deep kernel semantics (logon sessions, object directories) that were not designed for rapid change. Thetion touches, the higher the chance of surprising interactions.
• Compatibility and rollout risk. Hardening elevation semantics can cause real user impact—unintended UAC prompts, broken app behaviors, or shell regressions—forcing Microsoft to slow or revert rollouts and provide KIR/workarounds. This increases operational friction for enterprise adoption.
• Patch completeness and communication. Project Zero publicly noted concerns about incomplete fixes for at least one tracked CVE, and independent reporting flagged a perceived lack of vendor response. That harms trust and slows defensive adoption. Security teams need clear, accountable vendor communication for high‑value flaws.
• Residual vulnerability classes. Some classic UAC weaknesses (untrusted search paths, DLL/executable search order issues) remain relevant even under a shadow‑admin model unless they are explicitly mitigated. CVE tracking indicates that untrusted search path problems were central to at least one high‑profile fix.

Where specific claims were not independently verifiable in public reporting (for example, precise exploit reliability metrics across diverse hardware/driver combinations), researchers and vendors used cautious language. Readers should treat exploitability across environments as environment‑dependent until broad testing and vendor advisories confirm otherwise.

---

What organizations and administrators should do now​

• Apply updates promptly: Install the latest cumulative and security updates relevant to your Windows 11 servicing channel. Microsoft incorporated many of the fixes in optional preview updates and subsequent security bulletins. Where a fix introduces compatibility regressions, use Known Issue Rollback (KIR) policies to maintain stability while tracking vendor guidance.
• Avoid early deployment of preview/experimental features in production: Administrator Protection began in Canary/Insider preview channels. Do not promote experimental builds or preview features to production until Microsoft confirms GA readiness.
• Enforce least privilege and reduce attack surface: Limit local administrator membership, use role‑based access controls, and consider transient admin models in enterprise tooling.
• Harden application search paths and allow‑listing: Enforce application allow‑listing (Smart App Control, App Control for Business) and minimize reliance on relative paths or writable search locations for privileged helpers. These mitigations address the untrusted search path class of issues.
• Monitor and log elevation activity: Treat elevation events as high‑risk operations—collect ETW/telemetry for admin elevation approvals/denials and integrate these signals into SIEM/EDR workflows. Administrator Protection exposes new events that defenders should ingest.
• Use endpoint detection and response: Deploy EDR capabilities that can detect abnormal process creation, token duplication, and suspicious impersonation attempts—indicators consistent with the exploitation primitives Project Zero described.
• Operational readiness for rollback/workarounds: If your organization applies hardening updates that cause functional regressions, operationalize KIR or documented workarounds while staying in close contact with vendor advisories.

---

Deeper technical notes for defenders and security engineers​

• The attack focused on the kernel’s object namespace for DOS devices: directories under \Sessions\0\DosDevices\<auth‑id> are consulted before the global \?? directory, so a per‑logon symlink can override what a process sees as C:. Attackers who control creation or ownership of that per‑logon directory can redirect C: for processes in that logon session.
• TokenLinkedToken semantics changed: under Administrator Protection, each linked shadow admin token may represent a fresh logon session rather than a single reusable linked token, which altered expectations about pre‑existing per‑session objects. That change removed the implicit safety that had prevented DOS device hijacks under classic UAC.
• Object creation with Zw APIs and owner assignment quirks allowed privileged creation flows to complete without expected access checks, opening the timing window Forshaw exploited. Detection strategies should include monitoring sequences of token duplication, identification‑level impersonation, and unusual early manipulation of \?? entries.

---

Final analysis: course correction, not abandonment​

Administrator Protection is still the right goal: make elevation transient, authenticated, and observable. The research that surfaced these bypasses is evidence that Microsoft’s design is raising the bar—but also that platform redesign is dangerous if it does not explicitly enumerate and harden legacy behaviors it depends upon.
The sequence of events—disclosure, patching, public critique, and temporary rollback—should be read as the security lifecycle working: researchers find gaps; vendors patch and iterate; the ecosystem pressures compatibility testing and operational readiness; defenders adapt. The episode underscores the importance of assumption audits when you change foundational platform semantics.
For IT teams the practical takeaway is straightforward: patch promptly, avoid running preview features in production, treat elevation as a high‑risk telemetry signal, and combine least‑privilege policies with application allow‑listing and strong endpoint detection. Those controls greatly reduce the utility of any local elevation primitive—even a reliable one—by denying attackers the initial foothold or by making escalation noisy and observable.

---

Administrator Protection’s stumble is a sober reminder that hardening an operating system is as much about reconciling history as it is about inventing new defenses. The good news: the research was responsible, the vendor response produced fixes and operational guidance, and the conversation has pushed both implementers and defenders to be more explicit about assumptions. The bad news: until Administrator Protection’s model and the kernel’s corner cases are reconciled and the fixes prove robust across real‑world environments, organizations must rely on layered mitigations, vigilant patching, and conservative adoption policies to manage risk.

---

Source: Petri IT Knowledgebase Windows 11 Administrator Protection Design Flaws Exposed

 

[ChatGPT]

Microsoft’s optional Release Preview update KB5074105 quietly surfaces a meaningful enhancement to Windows 11’s privilege model — a just‑in‑time, profile‑separated elevation pathway that Microsoft and early community coverage describe as a new layer of “Administrator Protection” intended to protect system files and reduce the long‑standing attack surface created by persistent elevated tokens.

Background / Overview​

Windows’ User Account Control (UAC) and the split‑token model have been central to desktop privilege management for nearly two decades: administrators receive a de‑privileged token for everyday work and an elevated token for admin tasks. That model worked for usability, but it also left a persistent elevation surface that attackers have repeatedly exploited through token theft, UAC bypasses, and profile‑bound persistence. Over the past year Microsoft has been iterating on that model with preview features that create temporary, system‑managed admin contexts for elevate (often tied to Windows Hello). The behavior is now appearing in mainstream servicing previews via KB5074105.
KB5074105 (listed as OS builds 26100.7705 / 26200.7705 in the preview metadata) is a Release Preview cumulative update that mixes immediate quality fixes with server‑gated feature rollouts — installing the update makes a device eligible for the features, but Microsoft may flip functionality on a per‑device basis via entitlement. The package also bundles other notable items: an expanded Cross‑Device Resume for Android→Windows continuity, updated Windows MIDI services, a more flexible Smart App Control toggle, and Extended Sign‑in Security (ESS) for peripheral fingerprint sensors.

---

What KB5074105 Adds — at a glance​

• Administrator Protection (just‑in‑time elevation) — When present, elevated actions are served from a tempordmin context rather than the signed‑in user’s persistent admin token, and interactive approval (Windows Hello biometric/PIN or credentials) is required. Elevated tokens are destroyed when the action completes.
• Smart App Control toggle — SAC can now be turned on/off from Windows Security without requiring a clean reinstall, addressing a long‑standing usability pain.
• Windows Hello ESS peripheral fingerprint support — Enhanced Sign‑in Security now extends to compatible external fingerprint readers, broadening biometric options for desktop PCs.
• Cross‑Device Resume and creator features — Expanded Android handoff scenarios and modernized Windows MIDI Services for creators and devs.
• Operational/cryptographic changes — Secure Boot boot manager replacements and DPAPI domain backup key controls (administrators can manage key rotation). These items carry rare but real recovery implications.

Microsoft’s official preview notes explicitly list the package as an optional non‑security preview and detail the builds affected, user‑visible changes, and guidance around the staged rollouts. For administrators, the key message is: install to test, but expect that some items may remain server‑gated.

---

Deep dive: How Administrator Protection works (technical breakdown)​

The problem it solves​

Attackers exploit long‑lived elevated contexts and auto‑elevation points. Traditional elevation ties an admin’s elevated token to their user profile and ped context creates opportunities for credential theft, token reuse, and UAC bypass techniques. KB5074105’s Administrator Protection is designed to shorten the window attackers have and to isolate elevated operations from the user environment.

Core mechanics (what the platform does)​

• At sign‑in, users continue to run with a de‑privileged token by default.
• When an app requests elevation, Windows prompts the user with an interactive consent UI that can require Windows Hello biometric/PIN or credential verification.
• After successful interactive approval, Windows generates a temporary admin token sourced from a hidden System‑Managed Administrator Account (SMAA) or equivalent system‑managed elevation context.
• The elevated process runs in a profile‑separated context — it does not insment variables, or persistent settings.
• When the elevated process exits (or the operation completes), the elevated token and associated context are destroyed; no long‑lived elevated token remains.

Security telemetry and auditing​

Administrator Protection exposes new telemetry and eventing for elevation approvals and denials so that administrators can aud in enterprise environments. These events are intended to help detect anomalous elevation patterns in the same way modern endpoint solutions detect unusual authentication events.

---

Why this matters: security benefits and measured gains​

• Reduces attack surface: By creating short‑lived, profile‑separated admin tokens, Administrator Protection mitigatchniques that depend on long‑lived elevated contexts. Early internal testing and community analysis suggest a substantial reduction in common bypass vectors.
• Enforces least privilege runtime: Even accounts that are members of Administrators now operate with de‑privileged sessions by default; elevation is explicit and ephemeral.
• Stronger human verification: Integrating Windows Hello for consent ties an interactive, local authentication event, improving confidence that a real user approved the change rather than malware acting silently.
• Improved auditability: New ETW/telemetry streams give defende about who requested elevation, when, and whether consent was granted — crucial context for incident investigation.

Independent coverage and testing across preview rings corroborate these benefits and note that Microsoft treatsctural improvement to elevation semantics rather than a cosmetic UI tweak.

---

Compatibility trade‑offs and operational risks​

No security change of this scope is friction‑free. The engineering tradeoffs Microsoft made to shrink the elevation attack surface introduce measurable operational considerations.

Known and expected compatibility issues​

• Older installers and enterprise tooling may break. Scripts, installers, drivers, or mana assume persistent elevated tokens or rely on the signed‑in user’s profile will need to be validated. Imaging, deployment, and backup solutions that perform unattended elevated operations can be disrupted.
• **Remote manag Remote administrative scenarios (RDP sessions, unattended maintenance) that rely on token persistence or service‑bound elevation flows may require rework or special policy allowances.
• Third‑party security and management agents. Some EDR, AV, or manag updates to work correctly with SMAA‑style elevation contexts and to handle the new audit events. Vendor guidance is essential before enabling the feature broadly.
• Hardware and driver interactions. Separately, KB5074105 contains Secure Boot boot manager changes and DPAPI key rotation controls that carry rare recovery paths; resetting Secure Boot or toggling the DB on affected devices can trigger rg Secure Boot recovery media. Administrators and home users both need to be mindful of firmware and driver compatibility.

Real user reports and community notes​

Community threads in preview channels report additional teething problems: difficulty with Hello sign‑in on some Copilot+ devices afqrer rendering under specific builds, and SFC/SCANNOW anomalies that appear cosmetic but are worth noting during testing. These are not universal but highlight the value of staged pilots.

---

Guidance for IT teams and power users — a practical rollout plan​

If you manage endpoints or are the power user deciding whether to flip the switch, here is a concise, pragmatic plan for testing and staged rollout.

• Inventory your fleet and map critical workloads: imaging pipelines, backup/restore tools, custom installers, EDR/AV, the set of devices that use external biometric peripherals, and any unattended maintenance jobs.
• Create a small pilot ring (5–10% of fleet) covering high‑risk hardware diversity: laptops, desktops, Copilot+ PCs, and multimedia workstations (for MIDI and driver coverage).
• Install KB5074105 in the Release Preview channel on pilot devices or apply the package via your update management tools, then:
• Validate Administrator Protection behavior: confirm prompts, Windows Hello flows, and that elevated processes are profile‑separated.
• Test imaging and provisioning flows: verify that sysprep/unattended installations and driver packages function as expected.
• Validate remote admin paths (RDP, remote PowerShell, SCCM/Intune updates) and scheduled maintenance tasks.
• Hold a compatibility window: collect vendor guidance for EDR/AV and biometric peripherals (ESS), and coordinate driver/firmware updates for fingerprint sensors and Secure Boot UEFI components.
• Monitor telemetry and events closely for unusual elevation patterns during the pilot. Make rollback plans (system image re optional preview update) and a communication plan for helpdesk.
• Gradually expand to broader rings only after validating the workflow matrix and vendor readiness.

---

Why Microsoft is rolling this out via preview and server gating​

KB5074105 is distributed as a mixed preview: quality fixes apply broadly once the update is installed, but major features like Administrator Protection and Cross‑Device Resume are server‑gated and mtled devices. That staging model lets Microsoft validate compatibility across a highly fragmented hardware base while protecting large fleets from abrupt behavior change. For administrators this means installing the preview makes you eligible for the feature, but you shouldn’tflip on all devices.

---

Strengths, weaknesses, and a balanced verdict​

Strengths (what to like)​

• *A principled security improhort‑lived, profile‑separated elevation contexts aligns with least privilege* and modern endpoint hardening practices.
• Usability with stronger verification: Windows Hello integration makes elevation prompts more trustworthy and reduces blind consent.
• Governance improvements: Smart App Control toggle, peripheral ESS, and DPAPI controls give adre manageable security options.

Weaknesses and open questions​

• Compatibility risk: Legacy tools, unattended admin workflows, or installeation assumptions may fail or require code changes.
• Vendor dependence: Peripheral ESS is only as useful as driver and vendor support; not every USB fingerprint reader wi
• Rollout opacity: Server gating means inconsistent behavior across otherwise identical devices, which complicates fleet management until the feature is fully rolled out.

Final Verdict​

Administrator Protection as surfaced via KB5074105 is a conceptually strong, pragmatic move toward modernizing Windows elevation semantics. It is not risk‑free, and the changes are non‑trivial for organizations with scripted or unattended admin flows. However, the security benefits — a smaller window for token theft and clearer audit trails for elevation events — make this one of the more consequential hardening steps Microsoft has taken in recent Windows servicing cycltions the right posture is cautious piloting: enable in test rings, validate critical legacy workflows, and coordinate with vendors before a broad rollout.

---

Quick Q&A — What readers most often want to know​

• Will my daily apps stop working?
  Most consumer apps will be unaffected, but tools and scripts that assume persistent elevated tokens may need updates. Test before enabling.
• Can I disable the new trouble?
  The feature is controllable via Windows Security toggles (where Microsoft has exposed them), Group Policy, and MDM policies in enterprise scenarios; however, not every machine will show the toggle until Microsoft completes the staged rollout. rollback.
• Does this replace UAC?
  Not exactly. Administrator Protection reworks how elevation is provided and verified; UAC consent prompts remain the visible mechanism, but the underlying token model changes to use system‑managed, ephemeral admin contexts.
• Is this available to Home users?
  When fully rolled out, Microsoft’s Account Protection UI exposes the toggle to Home and Pro users too, but the preview gating means availability will vary by device and entitlement during the rollout.

---

Practical takeaways for Windows power users and sysadmins​

• Treat KB5074105 as a test candidate: Preview or a controlled ring and validate your critical workflows.
• Update or inventory any unattended admin scripts, imaging sequences, and driver stdministrator Protection broadly.
• Coordinate with EDR/AV and biometric peripheral vendors to confirm support for the new elevation and ESS behaviors.
• Use the Smart App Control toggle improvement to experiment with SAC in a lower‑risk manner — you can now turn it off temporarily to allow a one‑off install and re‑enable it without reinstalling Windows.

---

Microsoft’s KB5074105 preview is not merely another cumulative rollup; it’s a tactical step toward modern privilege management on Windows. The Administrator Protection model it surfaces represents a meaningful reduction in real — but it also introduces operational complexity that requires measured validation. For administrators and power users, the message is clear: test thoroughly, coordinate with vendors, and treat these changes as security hardening that, when applied thoughtfully, will make Windows 11 a harder target for adversaries.

---

Source: Neowin https://www.neowin.net/news/windows...feature-to-protect-system-files-in-kb5074105/