Linked by Thom Holwerda on Sat 31st Jan 2009 10:45 UTC
Privacy, Security, Encryption

Yesterday, we reported on the security flaw in Windows 7's UAC slider dialog, and today, Microsoft has given a response to the situation, but it doesn't seem like the company intends to fix it. "This is not a vulnerability. The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level." I hope this reply came from a marketing drone, because if they intend on keeping this behaviour as-is in Windows 7 RTM, they're going to face a serious shitstorm - and rightfully so. Let's hope the Sinofskys and Larson-Greens at Microsoft rectify this situation as soon as possible.
Not that serious
by Nelson on Sat 31st Jan 2009 14:08 UTC

People seem to overlook the fact that, for this to even propagate in the first place, the user needs to have execution privileges on the system already.

You want to know how else I can turn UAC off? I can break into your home, take your keyboard, and type in the key combination myself.

That's basically what this amounts to. You're stuck in the situation where to turn UAC off you need to first bypass UAC and get installed on the machine. That's why it's not considered a vulnerability.

The way UAC is more silent in Windows 7 is that it does not prompt for executables that are signed by Microsoft. This means that most of the system components require no elevation at all, since they're being done by the user at his computer.

The real protection comes in when an unknown and unsigned program attempts to run on your machine. That's when UAC gets all noisy.

The distinction between Windows 7's UAC and Vista's UAC is this distinction. Vista's UAC locked down the machine, even from seemingly harmless tasks (deleting a shortcut, for example). Windows 7's UAC is much smarter about its protection, and uses digital signatures to be more lenient.

I think the best "solution" I've seen is to not allow SendKeys to operate on signed executables. Problem solved, now get to it Microsoft.


I'd like to add on, for those who think that this can be compounded with other social engineering malware, that it's irrelevant.

If one UAC dialog can't prevent a user from realizing he's running a dangerous program, then ten UAC dialogs won't be able to stop him either, so the point is moot.

Edited 2009-01-31 14:10 UTC

Reply Score: 3
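The comment above turns on which UAC prompting level a machine is actually running at. As an added example (not code from the post, from OSNews or from Microsoft), the PowerShell below reads the policy values that the Windows 7 UAC slider writes and maps them back to a slider level, so an administrator can verify or monitor the level rather than trust the dialog; the value-to-level mapping is taken from my understanding of Windows 7 and should be treated as an assumption to confirm on your own build.

```powershell
# Added example: report the effective UAC prompting level from the registry.
# The slider in the Windows 7 UAC dialog writes these three values under the
# System policy key (documented value names; level mapping is an assumption).
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $p    = Get-ItemProperty -Path $UacKey
    $lua  = $p.EnableLUA                    # 0 = UAC switched off entirely
    $cpba = $p.ConsentPromptBehaviorAdmin   # how admins are prompted (0..5)
    $posd = $p.PromptOnSecureDesktop        # 1 = dim desktop for the prompt

    if ($lua -eq 0) { return 'UAC disabled (EnableLUA=0)' }

    # Combinations the Windows 7 slider produces (assumed mapping).
    switch ("$cpba/$posd") {
        '2/1' { 'Always notify' }
        '5/1' { 'Notify only when programs try to make changes (Windows 7 default)' }
        '5/0' { 'Notify only when programs try to make changes, do not dim desktop' }
        '0/0' { 'Never notify' }
        default { "Non-standard: ConsentPromptBehaviorAdmin=$cpba PromptOnSecureDesktop=$posd" }
    }
}

$level = Get-UacLevel
Write-Output "Current UAC level: $level"

# At any level below 'Always notify', changing Windows settings, the UAC
# level included, does not itself raise a prompt, which is the behaviour
# the comment and Microsoft's reply describe.
if ($level -ne 'Always notify') {
    Write-Warning 'UAC level changes will not prompt at this setting; consider "Always notify" and monitor this key for changes.'
}
```

Run it from an elevated or standard prompt; reading the key needs no elevation, which is also why the check is suitable for a periodic compliance or monitoring job.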