What is Windows UI Access?

UI Access is a UAC token flag letting low-priv accessibility apps bypass UIPI to control high-priv UIs — like screen readers clicking admin prompts.

How was UI Access abused to bypass Administrator Protection?

Attackers placed signed exes with uiAccess manifests in admin dirs, launched via RPC — gaining High IL without consent, cracking the new protection.

Are the UI Access bypasses fixed in latest Windows?

Yes, all nine from Forshaw's research patched pre-release; test in VMs before deploying.

🔓 Data Breaches

Five Ways UI Access Cracked Windows' Admin Protection — Before It Even Launched

Nine zero-days in a single feature. Researcher James Forshaw exposed how UI Access, meant for screen readers, became a backdoor to admin privileges — until Microsoft patched them all pre-launch.

Threat Digest Apr 03, 2026 4 min read 11 views

Flowchart showing UI Access elevation bypassing UIPI in Windows UAC

⚡ Key Takeaways

Five of nine Administrator Protection bypasses exploited UI Access, a 15-year-old UAC accessibility feature. 𝕏
Bypasses relied on weak checks like file location and generic code signing — now hardened. 𝕏
Architecture lesson: Static file gates fail against evolving attacks; behavioral checks needed. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Administrator Protection #Shatter Attack #UI Access bypass #UIPI #Windows UAC #privilege escalation

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Google Project Zero

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

GCP Vertex AI's Hidden Trap: How AI Agents Become Corporate Double Agents

Windows 11 Admin Protection Bypassed—Nine Times Over

Hackers Hijack EU's Cloud via Poisoned Scanner — 300GB of Citizen Data Gone

Meta Ghosts Mercor After Breach Spills AI Training Secrets

Stay in the loop