Adventures in Privesc: SCCM and Viewfinity

With the welcome shift of companies revoking local-administrator permissions from standard users, came the challenge of how to allow users to perform administrative actions on their machines — such as installing approved software — without making them full-blown administrators on their machines. Several tools exist to resolve this problem by allowing a low-privilege user to perform software installation in an elevated context. An issue I discovered with this approach is that when a user can interact with an installer deployed using one of these solutions, they can often escalate privileges on their machine.