DailyTech recently reported on how a critical security flaw found in the beta of Microsoft's upcoming Windows 7 OS could allow attackers to easily disable the integral User Account Control (UAC) security component and gain control of systems. The flaw was first discovered by Windows blogger Long Zheng, and was also independently detailed by blogger Rafael Rivera. The pair followed up with additional information yesterday on how the flaw could be used to give a malicious payload full execution rights.
Microsoft's initial reaction was to deny that the flaw was a problem at all, describing the behavior instead as "by design". In a blog post, Jon DeVaan, the senior vice president responsible for Windows' architecture and core components, defended the decision, saying it was necessary to prevent user annoyance.
Stated Mr. DeVaan, "If people see more than two prompts in a session they feel that the prompts are irritating and interfering with their use of the computer. We are very happy with the positive feedback we have received about UAC."
His blog post was met with a firestorm of criticism from experienced Windows users in the community. However, rather than turning a blind eye to the criticism, Microsoft has apparently listened to its community and customers, today announcing a swift and dramatic reversal of its UAC stance.
Microsoft announced that it will implement the seemingly obvious solution to the problem: it will warn users before any change to the UAC settings. Previously this was only done in safe mode. The change preserves Microsoft's certification system, which provides less irritating warnings, while now safeguarding UAC itself.
You can read the entire article at DailyTech.