Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Hole In Windows 7 UAC

Posted by kdawson on from the cancel-or-allow dept.

An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."

1 of 388 comments (clear)

  1. It IS a problem, because it is being rushed out! by ed · · Score: 1, Troll

    Microsoft feel happy wnough with Windows Vista SP2

    So much that they are not bothering with a second Beta

    So what you have in your hands now is pretty much how it may ship

    http://www.theregister.co.uk/2009/02/02/windows_7_no_second_beta/