Bypassing Administrator Protection by Abusing UI Access

Microsoft discovered 9 security vulnerabilities in Windows Administrator Protection, with 5 traced to problems in UI Access implementation, a feature designed to let accessibility tools (like screen readers) interact with administrator-level windows while maintaining security boundaries. The vulnerability stems from how UI Access, which was created to bypass User Interface Privacy Isolation (UIPI, a security mechanism that prevents lower-privilege processes from controlling higher-privilege windows) for accessibility needs, could be abused to escalate privileges.