A Google researcher recently disclosed an unpatched Windows 8.1 security vulnerability. The researcher, who writes under the name “Forshaw”, said he waited about a month after reporting the vulnerability. When Forshaw found that Microsoft had still taken no action, he published the method for exploiting the hole. The flaw is an elevation of privilege in ahcache.sys/NtApphelpCacheControl, and the report includes a demo application that uses the method to launch calc.exe.
Windows 7 is not affected by this issue. According to the report, the issue can be reproduced with the following steps:
1) Put the AppCompatCache.exe and Testdll.dll on disk
2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables).
3) Execute AppCompatCache from the command prompt with the command line “AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll”.
4) If successful then the calculator should appear running as an administrator. If it doesn’t work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run.