Here at OSNews I have hammered and hammered on a few times already about the major flaw in Windows 7’s default User Account Control, which allows people or software with malicious intent to completely bypass UAC in such an easy manner that you wonder why UAC is there in the first place. Well, the source code to this flaw has been released – since Microsoft has made it clear they have no interest in fixing it anyway – and Long Zheng, fellow advocate of fixing this bug, made a very clear demonstration video.
In a nutshell, since we’ve already discussed this a few times, the flaw works like this: a lot of people got all whiny over the UAC prompts in Windows Vista. As a result, Microsoft wanted to fix this in Windows 7. The logical, thorough, and proper method would’ve been to fix components of Windows so that they no longer require elevated privileges. Instead, Microsoft did an epic cop-out, reminiscent of the early days of Windows XP, and created a list of processes which possess auto-elevation capabilities. In other words, Microsoft allows its own processes to silently elevate in Windows 7 as to avoid having to actually fix their code.
As always, you can fix this by setting the UAC slider in Windows 7 to its topmost position. It’s also important to note that this flaw does not work if you are running as a standard user – however, since the first user created is still an administrator, that point is moot.
The video made by Long Zheng demonstrates just how easy it is. Mind-blowing.
Now that the source code is out and about, it will be much easier to abuse the flaw once Windows 7 is out there. I’d say Microsoft brought this upon themselves. The flaw and the code has been sent to Microsoft, the media have been all over it, but the company doesn’t care. As a result, there was no option left but to put the source out there.
Let me reiterate: set the UAC slider all the way up. Anything lower is very insecure.