User Interface Privilege Isolation
Security technology in Microsoft Windows
title: "User Interface Privilege Isolation" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["windows-vista", "microsoft-windows-security-technology"] description: "Security technology in Microsoft Windows" topic_path: "technology/operating-systems" source: "https://en.wikipedia.org/wiki/User_Interface_Privilege_Isolation" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0
User Interface Privilege Isolation (UIPI) is a technology introduced in Windows Vista and Windows Server 2008 to combat shatter attack exploits. By making use of Mandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages). [Microsoft, "The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)", April 2007, http://msdn2.microsoft.com/en-us/library/aa905330.aspx, accessed 2007-12-07]
Window messages are designed to communicate user action to processes. However, they can be used to run arbitrary code in the receiving process's context. This could be used by a malicious low-privilege process to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorized privilege escalation. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks. [Edgar Barbosa, "Windows Vista UIPI", COSEINC, https://www.coseinc.com/en/index.php?rt=download&act=publication&file=Vista_UIPI.ppt.pdf (dead link; archived 2012-04-18 at https://web.archive.org/web/20120418173959/https://www.coseinc.com/en/index.php?rt=download&act=publication&file=Vista_UIPI.ppt.pdf), accessed 2012-04-18]
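The send rule described above can be modelled to audit which message paths UIPI closes in a process inventory. This is an added example, not code from the article or from Microsoft: the `whoami /groups /fo csv` sample, the process names and the message name are constructed, and the `exempt` parameter is a hypothetical stand-in for the exempt UI messages, which the article does not list.

```python
import csv
import io

# Well-known mandatory-label RIDs; an integrity SID has the form S-1-16-<RID>.
INTEGRITY_LEVELS = {0: "Untrusted", 4096: "Low", 8192: "Medium",
                    12288: "High", 16384: "System"}

# Constructed sample of `whoami /groups /fo csv` output for a standard user.
SAMPLE_WHOAMI = '''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\\Medium Mandatory Level","Label","S-1-16-8192",""
'''

def integrity_rid(whoami_csv):
    """Extract the integrity RID from `whoami /groups /fo csv` text."""
    for row in csv.DictReader(io.StringIO(whoami_csv)):
        sid = row.get("SID") or ""
        if sid.startswith("S-1-16-"):
            return int(sid.rsplit("-", 1)[1])
    raise ValueError("no mandatory label (S-1-16-*) in input")

def uipi_allows(sender_rid, receiver_rid, message, exempt=frozenset()):
    """UIPI rule as the article states it: a lower-IL sender is blocked
    unless the message is exempt. `exempt` is a hypothetical parameter;
    the article does not list the exempt messages."""
    return sender_rid >= receiver_rid or message in exempt

def audit(processes, message, exempt=frozenset()):
    """Split every sender->receiver pair into blocked and still-open paths."""
    blocked, still_open = [], []
    for s_name, s_rid in processes.items():
        for r_name, r_rid in processes.items():
            if s_name == r_name:
                continue
            ok = uipi_allows(s_rid, r_rid, message, exempt)
            (still_open if ok else blocked).append((s_name, r_name))
    return blocked, still_open

if __name__ == "__main__":
    procs = {"viewer.exe": 4096,                      # constructed inventory
             "editor.exe": integrity_rid(SAMPLE_WHOAMI),
             "notes.exe": 8192,
             "admin_tool.exe": 12288}
    blocked, still_open = audit(procs, message="WM_EXAMPLE")
    for tag, pairs in (("blocked", blocked), ("open", still_open)):
        for s, r in pairs:
            level = INTEGRITY_LEVELS.get(procs[s], "unknown")
            print(f"{tag:8}{s} ({level}) -> {r}")
```

Pairs at the same integrity level show up as open, because the rule only restricts sends from a lower IL to a higher one.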
UIPI, and Mandatory Integrity Control more generally, is a security feature but not a security boundary. [Microsoft, "Microsoft Security Servicing Criteria for Windows", https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria]
Microsoft Office 2010 uses UIPI for its Protected View sandbox to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.
References
- Malhotra, Mike. (August 13, 2009). "Protected View in Office 2010". Microsoft.
::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::