OSNews is Exploring the Future of Computing

Source Code to UAC Injection Flaw Released

Linked by Thom Holwerda on Mon 22nd Jun 2009 22:31 UTC

Here at OSNews I have hammered and hammered on a few times already about the major flaw in Windows 7's default User Account Control, which allows people or software with malicious intent to completely bypass UAC in such an easy manner that you wonder why UAC is there in the first place. Well, the source code to this flaw has been released - since Microsoft has made it clear they have no interest in fixing it anyway - and Long Zheng, fellow advocate of fixing this bug, made a very clear demonstration video.

7 · Read More · 48 Comment(s)

http://osne.ws/gr0

Permalink for comment 369860
To read all comments associated with this story, please click here.

Why doesn't Microsoft virtualize the filesystem?

by axilmar on Tue 23rd Jun 2009 12:06 UTC

Member since:
2006-03-20

Instead of using a list of signed folders and files, Microsoft should introduce virtualization of the whole filesystem per user. Then there would be no need for signed objects' lists.

Reply Permalink Bookmark Score: 2