| ID | Name |
|---|---|
| ATAGS-T1078.001 | Bypass User Account Control |
| ATAGS-T1078.002 | Elevated Execution with Prompt |
| ATAGS-T1078.003 | Setuid and Setgid |
| ATAGS-T1078.004 | Sudo and Sudo Caching |
| ATAGS-T1078.005 | TCC Manipulation |
| ATAGS-T1078.006 | Temporary Elevated Cloud Access |

Threat actors may bypass UAC mechanisms to elevate process privileges on a system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact on the user ranges from denying the operation under high enforcement, to allowing the user to perform the action if they are in the local administrators group and click through the prompt, to allowing them to enter an administrator password to complete the action.

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
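
The enforcement levels described above (deny, consent prompt, credential prompt) are set by the UAC policy values in the registry. The following read-only audit is an added example, not part of the original page: it reports which level a host is configured for and flags weak settings. The value names and meanings come from Microsoft's documented UAC policy settings rather than from this page, and the function name `Get-UacPolicyReport` is hypothetical.

```powershell
# Added example (not from the original page): read-only audit of local UAC policy.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin (administrators).
$AdminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (default)'
}
# Documented meanings of ConsentPromptBehaviorUser (standard users).
$UserPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

function Get-UacPolicyReport {   # hypothetical helper name
    param([string]$Path = $UacKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = [System.Collections.Generic.List[string]]::new()

    # Translate a raw value, keeping "not set" distinct from 0.
    $describe = {
        param($value, $map)
        if ($null -eq $value) { return 'not set (OS default applies)' }
        if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
        return "unrecognised value $value"
    }

    if ($p.EnableLUA -ne 1) {
        $findings.Add('EnableLUA is missing or not 1: UAC is disabled')
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings.Add('ConsentPromptBehaviorAdmin is 0: administrators elevate with no prompt')
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings.Add('PromptOnSecureDesktop is 0: prompts appear on the interactive desktop')
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EnableLUA     = $p.EnableLUA
        AdminPrompt   = & $describe $p.ConsentPromptBehaviorAdmin $AdminPrompt
        UserPrompt    = & $describe $p.ConsentPromptBehaviorUser $UserPrompt
        SecureDesktop = $p.PromptOnSecureDesktop
        Findings      = $findings
    }
}

Get-UacPolicyReport | Format-List
```

An empty `Findings` list means none of the three weak settings checked here is present; it does not mean the host is immune to the technique.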