Can the UAC bypass be used now? #2

Closed
GUANCAIBAN opened this issue May 24, 2022 · 4 comments
@GUANCAIBAN

I tested the UAC bypass via the UAC bypass author (https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e), but I can't run the executable that is in the "C:\window \system32 " folder (although I can copy files to this folder),
so I think that the UAC bypass has been fixed.

I wonder whether your way can be used now?
Thanks!

@SecuProject
Owner

Hello GUANCAIBAN,

I just did some testing on the full Windows 10 Pro 10.0.19044 update and it seems that Microsoft patched the DLL Hijacking vulnerability for the winSAT.exe binary and the WINMM.dll DLL, but not the abuse of "Trusted Directories".

In fact, the tool DLLHijackingScanner.exe tests 45 different binaries for the DLL Hijacking vulnerability, and there are still many vulnerable binaries.

An example of a binary that is still vulnerable is djoin.exe with the DLL dbgcore.DLL.

Have a nice day :)
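A detection-side illustration of the "Trusted Directories" abuse mentioned in this reply, as an added example that is not part of the thread or of the project's code: it flags image-load records whose path only resolves to a trusted directory once trailing spaces or dots are dropped from a component, like the `C:\window \system32` path quoted in the issue. The trusted roots, the record layout (field names modelled on Sysmon image-load events) and the sample records are assumptions constructed for the example.

```python
import ntpath

# Assumption: default install locations treated as trusted directories.
TRUSTED_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def normalize(path):
    """Drop trailing spaces and dots from every path component."""
    drive, rest = ntpath.splitdrive(path.replace("/", "\\"))
    parts = [p if p in (".", "..") else p.rstrip(" .") for p in rest.split("\\")]
    return drive + "\\".join(parts)


def is_mock_trusted(path):
    """True if the path lands in a trusted root only after normalization."""
    raw = path.replace("/", "\\").lower()
    norm = normalize(path).lower()
    return norm.startswith(TRUSTED_ROOTS) and not raw.startswith(TRUSTED_ROOTS)


def scan(events):
    """Return (index, {field: trusted path being imitated}) per suspicious event."""
    findings = []
    for i, ev in enumerate(events):
        hits = {f: normalize(ev[f]) for f in ("Image", "ImageLoaded")
                if is_mock_trusted(ev.get(f, ""))}
        if hits:
            findings.append((i, hits))
    return findings


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\djoin.exe",
     "ImageLoaded": r"C:\Windows\System32\dbgcore.dll"},
    {"Image": r"C:\Windows \System32\djoin.exe",
     "ImageLoaded": r"C:\Windows \System32\dbgcore.DLL"},
    {"Image": r"C:\Users\lab\tools\app.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\Windows\System32\djoin.exe",
     "ImageLoaded": r"C:\Windows\System32 \dbgcore.dll"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        for field, target in hits.items():
            print(f"event {idx}: {field} imitates {target}")
```
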

@GUANCAIBAN
Author

Thanks for your reply, SecuProject.
Now I want to test this like you did, e.g. djoin.exe and dbgcore.dll.
Sorry, I can't understand what your README says. How can I use DLLHijackingScanner.exe to test whether djoin.exe and dbgcore.dll can be used?
Also, I want to know how I can make my own DLL rather than write an exploit.txt, maybe one that shows an alert message.

@GUANCAIBAN
Author

Oh, I mean that I now know djoin.exe and dbgcore.dll can be used,
and I made a DLL that shows an alert message.
Can I use a command like this:
DLLHijackingScanner.exe myself.dll
to bypass UAC and execute my DLL?

@GUANCAIBAN
Author

GUANCAIBAN commented May 25, 2022

Yeah! I know it's OK. Good job!
But the antivirus software notified me that I tried to modify the DLL (I had turned off the auto-upload).
