User Interface Privilege Isolation (UIPI) is a technology introduced in Windows Vista and Windows Server 2008 to combat shatter attack exploits. By making use of Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages).[1]
Window messages are designed to communicate user action to processes. However, they can be used to run arbitrary code in the receiving process's context. This could be used by a malicious low-privilege process to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized privilege escalation. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks.[2]
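The integrity-level comparison described above, as an added example that is not part of the original article: a small C program that models the rule and, when built on Windows, reads the integrity level of its own token. The names `il_band`, `uipi_blocks` and `current_process_il` are hypothetical, and the model assumes a plain comparison of the integrity RIDs, leaving out the exempt UI messages.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Well-known mandatory-label RIDs: the last sub-authority of an S-1-16-x SID. */
enum { IL_UNTRUSTED = 0x0000, IL_LOW = 0x1000, IL_MEDIUM = 0x2000,
       IL_HIGH = 0x3000, IL_SYSTEM = 0x4000 };

/* Name the band a RID falls in; in-between values (e.g. 0x2100) map downward. */
const char *il_band(unsigned long rid) {
    if (rid >= IL_SYSTEM) return "system";
    if (rid >= IL_HIGH)   return "high";
    if (rid >= IL_MEDIUM) return "medium";
    if (rid >= IL_LOW)    return "low";
    return "untrusted";
}

/* Simplified model (assumption): a message from a lower-IL sender to a
   higher-IL receiver is blocked; the exempt UI messages are not modelled. */
int uipi_blocks(unsigned long sender_rid, unsigned long receiver_rid) {
    return sender_rid < receiver_rid;
}

#ifdef _WIN32
/* Integrity RID of the current process token, or -1 on failure. */
long current_process_il(void) {
    union { TOKEN_MANDATORY_LABEL tml; BYTE raw[256]; } buf;
    HANDLE tok; DWORD len = 0; long rid = -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    if (GetTokenInformation(tok, TokenIntegrityLevel, &buf, sizeof buf, &len)) {
        PSID sid = buf.tml.Label.Sid;
        rid = (long)*GetSidSubAuthority(sid, *GetSidSubAuthorityCount(sid) - 1);
    }
    CloseHandle(tok);
    return rid;
}
#endif

int main(void) {
    /* Constructed sender/receiver pairs: low->medium, medium->high, high->medium. */
    unsigned long pairs[][2] = { {IL_LOW, IL_MEDIUM}, {IL_MEDIUM, IL_HIGH}, {IL_HIGH, IL_MEDIUM} };
    for (int i = 0; i < 3; i++)
        printf("%-6s -> %-6s : %s\n", il_band(pairs[i][0]), il_band(pairs[i][1]),
               uipi_blocks(pairs[i][0], pairs[i][1]) ? "blocked" : "delivered");
#ifdef _WIN32
    long me = current_process_il();
    if (me >= 0) printf("this process: 0x%lx (%s)\n", (unsigned long)me, il_band((unsigned long)me));
#endif
    return 0;
}
```

On Windows the token query links against advapi32; on other platforms only the model compiles.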
UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security boundary.[3]
Microsoft Office 2010 uses UIPI for its Protected View sandbox to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.[4]
[1] "The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)". Microsoft. April 2007. Retrieved 2007-12-07.
[2] Edgar Barbosa. "Windows Vista UIPI" (PDF). COSEINC. Archived from the original (PDF) on 2012-04-18. Retrieved 2012-04-18.
[3] "Microsoft Security Servicing Criteria for Windows". Microsoft.
[4] Malhotra, Mike (August 13, 2009). "Protected View in Office 2010". TechNet. Microsoft. Retrieved September 22, 2017.