Linked by Thom Holwerda on Sat 31st Jan 2009 10:45 UTC
Privacy, Security, Encryption Yesterday, we reported on the security flaw in Windows 7's UAC slider dialog, and today, Microsoft has given a response to the situation, but it doesn't seem like the company intends to fix it. "This is not a vulnerability. The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level." I hope this reply came from a marketing drone, because if they intend on keeping this behaviour as-is in Windows 7 RTM, they're going to face a serious shitstorm - and rightfully so. Let's hope the Sinfoskies and Larson-Greens at Microsoft rectify this situation as soon as possible.
Permalink for comment 346374
To read all comments associated with this story, please click here.
RE[5]: Not that serious
by Gone fishing on Sat 31st Jan 2009 15:03 UTC in reply to "RE[4]: Not that serious"
Gone fishing
Member since:
2006-02-22

My understanding was:

The user gets a file such as see_girl_naked.vbs The file runs a script that emulates some key strokes and poof no UAC. But you could have a nice new mail server installed

What should happen is a warning see_girl_naked.vbs wishes to modify your system files click yes to allow. Obviously if you say yes your an idiot and very little can save you.

Reply Parent Score: 4