"Do you want to allow the following program to make changes to this computer?"
Any Windows user has probably seen more than his or her fair share of prompts like these.
It may be annoying at times, but this is part of the User Account Control (UAC) security system of Windows XP through Windows 10. It prevents programs and processes from making unauthorized changes to your computer without approval from an administrator.
It's vital that you leave this enabled so you have another level of protection against malicious software that attempts to make system-wide modifications to your machine. Without UAC prompts, malware can automatically make changes to your PC unhindered.
But is Windows UAC reliable? Not exactly, says security researcher Matt Nelson. According to Threatpost, he found an exploit that could totally bypass UAC and run high-level commands, including malicious scripts, without leaving any trace or evidence.
Since this exploit does not involve installing any malware or dropping any files, Nelson says that not even security solutions like antivirus software could detect this type of attack.
The vulnerability he discovered is in Windows' own Event Viewer, the feature that lets users review system event logs. He exploited this process (eventvwr.exe) to hijack the Microsoft Management Console through the registry and then launch a PowerShell session.
Within PowerShell, he could then run any arbitrary code he desires without leaving a single trace. Due to the nature of this attack, it may slip past not only antivirus and computer forensics tools but even other system administrators undetected.
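
For defenders, the chain described above (eventvwr.exe starting something other than the Microsoft Management Console) can be checked in process-creation records where those are being collected. The following is an added example, not code from Nelson or Threatpost: the record layout and sample events are constructed, and it assumes mmc.exe is the only expected child of eventvwr.exe.

```python
import ntpath

# Constructed process-creation records: (time, parent image, child image).
# Not real telemetry; the tuple layout is a hypothetical export format.
SAMPLE_EVENTS = [
    ("10:02:11", r"C:\Windows\explorer.exe", r"C:\Windows\System32\eventvwr.exe"),
    ("10:02:12", r"C:\Windows\System32\eventvwr.exe", r"C:\Windows\System32\mmc.exe"),
    ("10:07:40", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ("10:09:03", r"C:\WINDOWS\system32\EVENTVWR.EXE",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]

PARENT = "eventvwr.exe"
# Assumption: the Microsoft Management Console host is the only normal child.
EXPECTED_CHILDREN = {"mmc.exe"}


def image_name(path):
    """File name of a Windows path, lower-cased (Windows paths ignore case)."""
    return ntpath.basename(path.strip().strip('"')).lower()


def unexpected_eventvwr_children(events):
    """Return the records where eventvwr.exe started a non-MMC process."""
    hits = []
    for when, parent, child in events:
        if image_name(parent) != PARENT:
            continue  # only Event Viewer's own children are of interest
        if image_name(child) in EXPECTED_CHILDREN:
            continue  # the normal launch of the management console
        hits.append({"time": when, "parent": parent, "child": child})
    return hits


if __name__ == "__main__":
    for hit in unexpected_eventvwr_children(SAMPLE_EVENTS):
        print(f"{hit['time']}  {hit['parent']} -> {hit['child']}")
```

PowerShell started from explorer.exe is not flagged here; only the parent-child pair involving eventvwr.exe is treated as the signal.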