What Happened
A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it’s different from UAC. I’ll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally, I’ll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional update KB5067036) or as subsequent security bulletins. Note: As of 1st December 2025 the Administrator Protection feature has been disabled by Microsoft while an application compatibility issue is dealt with. The issue is unlikely to be related to anything described in this blog post so the analysis doesn’t change.
Why It Matters
The Project Zero article analyzes Windows 11's new Administrator Protection feature, designed to harden and ultimately replace UAC, and documents nine vulnerabilities that allowed silent escalation to full administrator privileges before being patched by Microsoft.[1] It details one representative bypass that combines multiple Windows OS behaviors (logon sessions, object access, and elevation flows) to gain admin rights without user prompts. It notes that all reported issues have been fixed, either before the feature's official release or in subsequent security bulletins, and that the feature itself is temporarily disabled for compatibility reasons.[1]
From a CyberSE.AI perspective, this type of research directly informs how adversaries might chain OS-level privilege escalation with AI-assisted tooling or autonomous agents to gain extended control on endpoints. Organizations building or deploying AI agents on Windows should incorporate continuous red teaming to simulate such escalation paths, validate that their agents cannot be abused to trigger or exploit similar admin-elevation flows, and ensure patch and configuration baselines (e.g., around elevation mechanisms) are continuously enforced across AI-integrated systems.
CyberSE Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://projectzero.google/2026/26/windows-administrator-protection.html