User Interface Privilege Isolation (UIPI) is a technology introduced in Windows Vista and Windows Server 2008 to combat code injection exploits. By leveraging Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes, except for a small, fixed set of UI messages.[1] Window messages are designed to communicate user action to processes; however, they can be used maliciously to trigger flaws in the receiving process and run arbitrary code in its context. If a low IL process can run code in the context of a higher IL process, it achieves an unauthorized privilege escalation; this class of attack is known as a shatter attack. By restricting access to some vectors for triggering flaws, UIPI can help to reduce and prevent some types of shatter attacks.[2] The same IL check also stops a lower IL process from installing window or journal hooks (SetWindowsHookEx) on, or attaching its input queue (AttachThreadInput) to, threads of a higher IL process.
UIPI is not a security boundary, and does not aim to protect against all shatter attacks. UI Accessibility applications can bypass UIPI by setting the "uiAccess" attribute to true in their manifest. Windows only honours the flag for an executable that is installed in a secure location (the Program Files or Windows directory) and carries a valid Authenticode signature, but these requirements will not necessarily stop malware from satisfying them. Additionally, some messages are still allowed through, such as WM_KEYDOWN, which allows a lower IL process to drive input to an elevated command prompt. Finally, the functions ChangeWindowMessageFilter and ChangeWindowMessageFilterEx let a process add individual messages to the set it is willing to accept from lower IL senders, process-wide and per window respectively. The filter is widened by the receiving process itself: a medium IL process (all non-elevated processes except Internet Explorer Protected Mode, which runs at low IL) can open its own windows to messages from low IL, but it cannot alter the filter of a high IL process. This is therefore an opt-in weakening rather than an attacker-driven bypass, and an elevated application that allows messages such as WM_COPYDATA or WM_DROPFILES re-exposes exactly the attack surface UIPI was meant to remove.
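The uiAccess conditions above are something an administrator can audit. The following PowerShell function is an added example, not code from the article or from Microsoft: it scans for executables whose embedded manifest requests uiAccess and reports whether the two conditions Windows checks (a valid signature and a secure install location) hold. The manifest detection is a text-scan heuristic over the image bytes, not a PE resource parser, and the function name and default scan roots are choices of this example.

```powershell
# Added example (not from the article): list executables that request uiAccess
# and whether Windows would actually honour the request.
function Get-UiAccessBinaries {
    param(
        # Where to look. User-writable paths are the interesting case: a uiAccess
        # manifest found there is not honoured because the location is not secure.
        [string[]]$Root = @("$env:ProgramFiles", "$env:LOCALAPPDATA")
    )
    # Locations from which Windows will grant uiAccess (with the default UAC policy).
    $secureRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:windir\System32") |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        ForEach-Object { $_.TrimEnd('\') + '\' }
    $pattern = 'uiAccess\s*=\s*["'']true["'']'

    Get-ChildItem -Path $Root -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # Embedded manifests are stored as plain UTF-8 XML in the RT_MANIFEST
        # resource, so an ASCII scan of the image is enough to spot the attribute
        # (heuristic: it does not walk the resource directory).
        $text = [IO.File]::ReadAllText($file.FullName, [Text.Encoding]::ASCII)
        if ($text -notmatch $pattern) { return }

        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $inSecure = [bool]($secureRoots | Where-Object {
            $file.FullName.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        [pscustomobject]@{
            Path             = $file.FullName
            SignatureStatus  = $sig.Status
            Signer           = $sig.SignerCertificate.Subject
            InSecureLocation = $inSecure
            # Both conditions must hold for the uiAccess privilege to be granted at launch.
            UiAccessHonoured = ($sig.Status -eq 'Valid') -and $inSecure
        }
    }
}

Get-UiAccessBinaries | Format-Table -AutoSize
```

A row with a valid signature but InSecureLocation false is an application that claims uiAccess without getting it; a row with both true is one that legitimately drives input to elevated windows and is worth knowing about. The secure-location requirement can be switched off by the policy "User Account Control: Only elevate UIAccess applications that are installed in secure locations", so check that setting before trusting the UiAccessHonoured column on a hardened or relaxed host.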
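To see both halves of the ChangeWindowMessageFilter point in practice, the script below is an added example (not code from the article or from Microsoft) meant to be loaded into two PowerShell sessions: Start-UipiTargetWindow in an elevated (high IL) session and Test-UipiSendText in a normal (medium IL) one. WM_GETTEXTLENGTH is on UIPI's exempt list and is delivered; WM_SETTEXT is not and fails with ERROR_ACCESS_DENIED, unless the elevated side was started with -AllowSetText, in which case the elevated process itself opened its window's filter with ChangeWindowMessageFilterEx. The function names and the window title 'UipiTarget' are choices of this example.

```powershell
# Added example (not from the article): probe UIPI from a medium IL session against
# a window owned by a high IL session, with and without the target's opt-in.
Add-Type -Namespace Uipi -Name Native -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);

[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr SendMessageTimeout(IntPtr hWnd, uint Msg, IntPtr wParam,
    string lParam, uint fuFlags, uint uTimeout, out IntPtr lpdwResult);

[DllImport("user32.dll", SetLastError = true)]
public static extern bool ChangeWindowMessageFilterEx(IntPtr hWnd, uint message,
    uint action, IntPtr pChangeFilterStruct);
'@

$WM_SETTEXT          = 0x000C   # not exempt: blocked across an IL boundary by default
$WM_GETTEXTLENGTH    = 0x000E   # on the UIPI exempt list
$MSGFLT_ALLOW        = 1        # ChangeWindowMessageFilterEx action
$SMTO_ABORTIFHUNG    = 0x0002
$ERROR_ACCESS_DENIED = 5

# Elevated side: create a window and, optionally, opt in to WM_SETTEXT from lower ILs.
function Start-UipiTargetWindow {
    param([switch]$AllowSetText)
    Add-Type -AssemblyName System.Windows.Forms
    $form = New-Object System.Windows.Forms.Form
    $form.Text = 'UipiTarget'
    $hwnd = $form.Handle   # forces creation of the native HWND
    if ($AllowSetText) {
        # Only the owning process can widen its window's filter; this is the opt-in
        # that ChangeWindowMessageFilter/Ex provide.
        if (-not [Uipi.Native]::ChangeWindowMessageFilterEx($hwnd, $WM_SETTEXT, $MSGFLT_ALLOW, [IntPtr]::Zero)) {
            throw "ChangeWindowMessageFilterEx failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
    }
    [System.Windows.Forms.Application]::Run($form)   # pump messages until the window is closed
}

# Lower IL side: send one exempt and one non-exempt message and report UIPI's verdict.
function Test-UipiSendText {
    param([string]$Title = 'UipiTarget', [string]$Text = 'set from a lower IL')
    $hwnd = [Uipi.Native]::FindWindow($null, $Title)
    if ($hwnd -eq [IntPtr]::Zero) { throw "no window titled '$Title'; start the elevated side first" }
    foreach ($probe in @(
        @{ Name = 'WM_GETTEXTLENGTH'; Msg = $WM_GETTEXTLENGTH; Arg = $null },
        @{ Name = 'WM_SETTEXT';       Msg = $WM_SETTEXT;       Arg = $Text  })) {
        $result = [IntPtr]::Zero
        $ret = [Uipi.Native]::SendMessageTimeout($hwnd, $probe.Msg, [IntPtr]::Zero, $probe.Arg,
                                                 $SMTO_ABORTIFHUNG, 1000, [ref]$result)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($ret -ne [IntPtr]::Zero)           { '{0,-16} delivered, result={1}' -f $probe.Name, $result }
        elseif ($err -eq $ERROR_ACCESS_DENIED) { '{0,-16} blocked by UIPI (ERROR_ACCESS_DENIED)' -f $probe.Name }
        else                                   { '{0,-16} failed, Win32 error {1}' -f $probe.Name, $err }
    }
}
```

Load the whole script in both sessions, run `Start-UipiTargetWindow` in the elevated one (it blocks until the form is closed), then `Test-UipiSendText` in the non-elevated one: WM_GETTEXTLENGTH reports the title length while WM_SETTEXT is refused. Restart the elevated side with `Start-UipiTargetWindow -AllowSetText` and the same WM_SETTEXT goes through and retitles the window, which is the point: the hole is opened by the high IL process, not by the sender. If the non-elevated session is itself elevated (same IL), both messages are delivered regardless of the filter.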