http://debianws.lexgopc.com/wiki143/index.php?action=history&feed=atom&title=User_Interface_Privilege_IsolationUser Interface Privilege Isolation - Revision history2026-05-04T18:23:26ZRevision history for this page on the wikiMediaWiki 1.43.1http://debianws.lexgopc.com/wiki143/index.php?title=User_Interface_Privilege_Isolation&diff=4822774&oldid=previmported>Citation bot: Add: website. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 1480/33522023-03-27T08:43:13Z<p>Add: website. | <a href="/wiki143/index.php?title=WP:UCB&action=edit&redlink=1" class="new" title="WP:UCB (page does not exist)">Use this bot</a>. <a href="/wiki143/index.php?title=WP:DBUG&action=edit&redlink=1" class="new" title="WP:DBUG (page does not exist)">Report bugs</a>. | Suggested by Whoop whoop pull up | #UCB_webform 1480/3352</p>
<p><b>New page</b></p><div>{{Short description|Security technology in Microsoft Windows}}<br />
'''User Interface Privilege Isolation''' ('''UIPI''') is a technology introduced in [[Windows Vista]] and [[Windows Server 2008]] to combat [[shatter attack]] exploits. By making use of [[Mandatory Integrity Control]], it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages).<ref name="msdn">{{cite web<br />
|url=http://msdn2.microsoft.com/en-us/library/aa905330.aspx<br />
|title=The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)<br />
|publisher=[[Microsoft]]<br />
|date=April 2007<br />
|access-date=2007-12-07<br />
}}</ref><br />
<br />
Window messages are designed to communicate user action to processes. However, they can be used to [[arbitrary code execution|run arbitrary code]] in the receiving process' context. This could be used by a malicious low-privilege processes to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized [[privilege escalation]]. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks.<ref name="coseinc">{{cite web<br />
|url=https://www.coseinc.com/en/index.php?rt=download&act=publication&file=Vista_UIPI.ppt.pdf<br />
|archive-url=https://web.archive.org/web/20120418173959/https://www.coseinc.com/en/index.php?rt=download&act=publication&file=Vista_UIPI.ppt.pdf<br />
|url-status=dead<br />
|archive-date=2012-04-18<br />
|title=Windows Vista UIPI <br />
|author=Edgar Barbosa<br />
|publisher=COSEINC<br />
|access-date=2012-04-18<br />
}} </ref><br />
<br />
UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security ''boundary''.<ref name="msrc">{{cite web<br />
|url=https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria<br />
|title=Microsoft Security Servicing Criteria for Windows<br />
|website=[[Microsoft]]<br />
}}</ref> <br />
<br />
[[Microsoft Office 2010]] uses UIPI for its Protected View [[Sandbox (computer security)|sandbox]] to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.<ref name="ProtectedView">{{cite web |url=https://blogs.technet.microsoft.com/office2010/2009/08/13/protected-view-in-office-2010/ |title=Protected View in Office 2010 |last=Malhotra |first=Mike |date=August 13, 2009 |publisher=[[Microsoft]] |work=[[Microsoft TechNet|TechNet]] |access-date=September 22, 2017}}</ref><br />
<br />
==References==<br />
{{reflist}}<br />
<br />
{{Windows Components}}<br />
<br />
[[Category:Windows Vista]]<br />
[[Category:Microsoft Windows security technology]]</div>imported>Citation bot