Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


In this post I will share some of my findings as well as the filter itself for finding privilege escalation vulnerabilities with Sysinternals Process Monitor (Procmon).

The Concept

When a program is software is installed on the Windows platform, some components of it may run with privileges, regardless of which user is currently logged on to the system. These privileged components generally take two forms: