A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Cont...

Project Zero is Google's security research team dedicated to finding and fixing zero-day vulnerabilities in software and hardware, aiming to improve the security of the broader internet ecosystem. Security researchers can learn about vulnerability research, exploit development, and responsible disclosure practices to contribute to making the internet safer for everyone.

Project Zero

Google Project Zero researcher James Forshaw details a complex vulnerability he discovered in Windows 11's new Administrator Protection feature, which aims to replace UAC with a more secure privilege elevation system. The bypass exploits a chain of five OS behaviors involving logon sessions, DOS device object directories, and kernel-level access checking. Forshaw found nine separate bypasses during insider preview testing, all of which were fixed before or shortly after release. The article provides deep technical analysis of the vulnerability, explains why Administrator Protection still carries forward UAC's legacy issues, and offers perspective on whether the feature successfully establishes a defensible security boundary.

Bypassing Windows Administrator Protection

The Problem Administration Protection is Trying to Solve