User Interface Privilege Isolation (UIPI) is a technology introduced inWindows Vista andWindows Server 2008 to combatshatter attack exploits. By making use ofMandatory Integrity Control, it prevents processes with a lower "integrity level" (IL) from sending messages to higher IL processes (except for a very specific set of UI messages).^[1]

Window messages are designed to communicate user action to processes. However, they can be used torun arbitrary code in the receiving process' context. This could be used by a malicious low-privilege processes to run arbitrary code in the context of a higher-privilege process, which constitutes an unauthorizedprivilege escalation. By restricting the ability of lower-privileged processes to send window messages to higher-privileged processes, UIPI can mitigate these kinds of attacks.^[2]

UIPI, and Mandatory Integrity Control more generally, is a security feature but not a securityboundary.^[3]

Microsoft Office 2010 uses UIPI for its Protected Viewsandbox to prohibit potentially unsafe documents from modifying components, files, and other resources on a system.^[4]

• Windows Vista
• Microsoft Windows security technology

• Articles with short description
• Short description is different from Wikidata