UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"
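A defender's view of the technique in the summary, as an added example that is not part of the original post or of any code from Microsoft or Ars Technica: it scans Sysmon Event ID 8 (CreateRemoteThread) records for remote threads created in watched processes. The sample events are constructed, and the watch list and expected-source list are assumptions to adapt per environment.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumption: injection targets worth watching. rundll32.exe is the binary the
# summary names; extend with the auto-elevating programs you care about.
WATCHED_TARGETS = {"rundll32.exe"}
# Assumption: sources expected to create remote threads on this host.
EXPECTED_SOURCES = {"csrss.exe"}

def sample_event(source, target, start_module):
    """Build a constructed Sysmon Event ID 8 record (not a real capture)."""
    fields = {"SourceImage": source, "TargetImage": target,
              "StartModule": start_module}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>8</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

SAMPLE_EVENTS = [
    sample_event(r"C:\Users\demo\Downloads\sample.exe",
                 r"C:\Windows\System32\rundll32.exe", ""),
    sample_event(r"C:\Windows\System32\csrss.exe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"C:\Windows\System32\kernel32.dll"),
    sample_event(r"C:\Users\demo\Downloads\sample.exe",
                 r"C:\Windows\System32\notepad.exe", ""),
    sample_event(r"C:\Program Files\Demo\helper.exe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"C:\Windows\System32\kernel32.dll"),
]

def classify(event_xml):
    """Return (severity, source, target) for a flagged record, else None."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "8":
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    source = ntpath.basename(data.get("SourceImage", "")).lower()
    target = ntpath.basename(data.get("TargetImage", "")).lower()
    if target not in WATCHED_TARGETS or source in EXPECTED_SOURCES:
        return None
    # Sysmon leaves StartModule empty when the thread's start address lies
    # outside every loaded module, which is what written-in code looks like.
    severity = "high" if not data.get("StartModule") else "medium"
    return severity, source, target

def scan(events):
    """Return the findings for every record that classify() flags."""
    return [hit for hit in map(classify, events) if hit]
```
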
Microsoft's approach to security is like putting too much air into a balloon! And when exploiters find a way around their measures, it's like.. a balloon, and... something bad happens!
"Ending is better than mending. The more stitches, the less riches; the more stitches ..."
Squirrel!
At first glance I was wondering why Microsoft would supply an API function CreateRemoteThreat().
Even for Windows, that would be a little out there.
So what should Microsoft be doing?
The one thing that's always worked before. Design a new colour scheme and let the marketing department do the rest.
"Welcome to our world. We are the wasted youth. And we are the future too." Yes, I know these are stupid lyrics.