RegisterHomeNewsForumsArticlesDownloadsSearchContact usChat
Already a member? Sign in.
DriverScanner


[ Home / Forums / News
Another Windows 7 UAC Exploit Surfaces
 
Posted by Chaos on February 5th, 2009, 05:31 PM

As you probably know by now, Windows 7 introduces some new in-between modes for User Account Control (UAC). By default, Windows 7 (beta thus far) ships with UAC configured at the “Notify me only when programs try to make changes to my computer.” level. As the UAC helper text indicates, “this setting does not prompt when you change Windows settings, such as control panel and administration tasks.”

But how does Windows determine if an application should not prompt the user and simply auto-elevate? As Long Zheng alluded to, Windows checks the process’ image on disk for an embedded digital certificate. But this alone isn’t enough, otherwise instances of any Microsoft application (e.g. calc.exe) would automatically elevate. Leo Davidson did some initial investigative work and uncovered a clue direct from Microsoft.

You can read the entire article at Within Windows.

Last edited by Regeneration; February 5th, 2009 at 05:33 PM.

6 Comments
Posted by PrEzi on February 5th, 2009, 09:27 PM
it has been already addressed.
Code:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9127392&source=rss_news
Remember - it's still a BETA, not RTM, not even RC yet.
Quote
Posted by blindartist on February 5th, 2009, 09:34 PM
Exactly, every OS has a slew of bugs and security issues in early stages, the important thing is to find them and fix them
Quote
Posted by Hueristic on February 8th, 2009, 03:15 AM
LMAO, The backdoors are getting found before release now I love it!
Quote
Posted by lyla on February 8th, 2009, 11:42 PM
Quote:
Originally Posted by Hueristic View Post
LMAO, The backdoors are getting found before release now I love it!
That has always been the purpose of pre-releases moron.
Quote
Posted by squall_leonhart on February 9th, 2009, 08:33 AM
what happened in Vista's beta then.
Quote
Posted by lyla on February 9th, 2009, 09:30 AM
the same thing duh....

"""Microsoft has issued this type of patch for beta software in the past--it released a January security update for Windows Vista Beta 1--but the company does not provide information about beta products in its regularly scheduled monthly updates, said Stephen Toulouse, security program manager with Microsoft's security response center.

"Beta products are not listed in the security bulletins as they are still under development and not intended to be used in production environments," he said in an e-mail interview."""
Quote


Similar Threads
Windows 8 Developer Preview    Microsoft Announces Worldwide Availability of Windows 7    FSF Attacks Microsoft Over Windows 7's Sins    Microsoft Reveals Windows 7 Pricing    AutoPatcher 2005 XP   
 

Quick Reply
Message:
Your Username: Click here to log in

Options
 





Copyright © NGOHQ.com - All rights reserved
Reproduction in whole or in part in any form or medium
without written permission of the site's owners is prohibited.
Powered by vBulletin from vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO

Contact Us - Archive - Screenshots - ATI Drivers - Nvidia Drivers - Downloads - Disclaimer - Top