Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Hole In Windows 7 UAC

Posted by kdawson on from the cancel-or-allow dept.

An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."

4 of 388 comments (clear)

  1. It IS a problem, because it is being rushed out! by ed · · Score: 1, Troll

    Microsoft feel happy wnough with Windows Vista SP2

    So much that they are not bothering with a second Beta

    So what you have in your hands now is pretty much how it may ship

    http://www.theregister.co.uk/2009/02/02/windows_7_no_second_beta/

  2. Security hole in the White House... by Anonymous Coward · · Score: -1, Troll

    So much for "change." The cabinet's been loaded up with former lobbyists, tax cheats, and women whose husbands will be soliciting donations for their private charities from the countries whose arms are being twisted by his wife. I guess that's what happens when you elect a guy based on a word that he never clearly defines. And now he's shuckin' and jivin' for us while Pelosi and Reid load up a so-called "stimulous" package with hundreds of billions of dollars for every failed liberal pet cause from the last 60 years. What everyone in the Obamarama media choir has failed to report, though, is that none of this money exists yet. We're relying on the developing world to buy more of our debt, yet again, and on our great-great-grandchildren's ability to repay that debt. Folks, the pyramid is about to come tumbling down. The world is tired of supporting our financial shell game. It's time to stop spending money that doesn't exist if we want to remain a solvent nation. Oh, but we mustn't listen to Rush and criticize our Dear Leader in his moment of triumph! LOL, very Presidential, getting in a pissing match with a radio talk show host.

    1. Re:Security hole in the White House... by Anonymous Coward · · Score: 0, Troll

      Really? I have no problem with a black man in the White House. I have a problem with him trying to distract us with petty bullshit like Rush Limbaugh while the people who propped him up during the election try to steal another $1.2 Trillion (after interest is factored in) from future Americans. The most appropriate term for that kind of distraction in the face of such malfeasance is "shuckin' and jivin.'" Nice smokescreen, but fuck you, you mindless shill. People like you keep re-electing the same fucktards for Congress year after year, not realizing that they have more control over the economy than the President does.

  3. Long Zhen? by Anonymous Coward · · Score: -1, Troll

    Harvey: Me so horny. Me love you long tim.
    Pam: Who's Long Tim?
    Harvey: Long time. Me lobe yoy long time.
    Jim: Well Yoy should bring Long Tim in someday
    Harvey: You ruined a funny joke, get out of my offive.