Slashdot Mirror


Security Hole In Windows 7 UAC

An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."

7 of 388 comments

  1. "Gerald" by plasmacutter · Score: 5, Funny

    Everyone knows from recent news that Microsoft has removed the innards of Windows 7 and replaced them with "gerald", a lovable computer-literate field mouse.

    Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!

  2. The beta worked! by jamesmcm · Score: 5, Funny

    The beta worked perfectly!
    Even the malware will be ready for Windows 7!

  3. Mechanical Analog by pm_rat_poison · Score: 4, Funny

    So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!

    1. Re:Mechanical Analog by Anonymous Coward · Score: 5, Funny

      The worst car analogy I've seen on Slashdot for a while.

    2. Re:Mechanical Analog by pm_rat_poison · Score: 4, Funny

      It's so bad a car analogy, that it doesn't even have cars.

  4. whoa, recursive Meta-UAC by rarel · Score: 5, Funny

    From TFA: Microsoft could remedy the problem by prompting the user when the UAC setting is altered.

    ==============

    "It looks like you're trying to alter the UAC settings, Cancel or Allow?"
    *click*
    "It looks like you've confirmed the change in UAC settings, Cancel or Allow?"
    *click*
    "The UAC settings have been altered, Cancel or Allow?"
    *click**click**click**click**click*-----INPUT DEVICE FAILURE

  5. UAC by essence · Score: 4, Funny

    All this talk of UAC makes me feel like playing some Doom again.