New bypass using QuickAssist and WebView2 group policy

[R41N3RZUF477]

I created a new UAC bypass using the QuickAssist UIAccess application. This UAC bypass doesn't need to send any keys or mouse clicks and bypasses always notify setting. This UAC bypass serves as a PoC to showcase that any UIAccess bypass can be turned into an always notify compatible UAC bypass: https://github.com/R41N3RZUF477/QuickAssist_UAC_Bypass

Because of the use of QuickAssist.exe there are some caveats to this bypass:

• Works on Windows 10 1809 to Windows 11 24H2 (and probably upwards)
• Works only on clients (not Windows Servers)
• QuickAssist needs an internet connection. Otherwise WebView2 will not load
• WebView2 version 87 or later must be installed (needed for QuickAssist; installed during MS Edge updates)
• QuickAssist is optional in Windows 11 (but installed by default)

Edit: no internet connection required after small change

[R41N3RZUF477]

A small change to the loaded DLL (version infos) is enough to omit the internet connection requirement. I updated the bypass to add version information dynamically to the DLL.

[hfiref0x]

Hello,

Thanks for your research, it looks interesting! I will look into it and (if possible) integrate it into UACMe but a bit later since I'm currently out of free time.

[hfiref0x]

I can confirm, it is working well on W11 (23H2/24H2).

[hfiref0x]

I've added it as method 81. Great find by the way.