UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"
I had my try with UAC and came to the conclusion that it's just a lose/lose situation for Microsoft.
Lose 1. They're basically advertising to users that "The feature you're about to use is buggy as hell and totally insecure, so you'll have to accept the responsibility for using it". Great way to sell a product.
Lose 2. It's so annoying, people just turn it off completely, thus negating any "security" it supposedly provides.
The only upside is that they insulate themselves legally by having the user do the "not recommended" thing whenever they use the OS. Then again, they've never been much to accept responsibility for security problems anyways; it's kind of a moot point.
I agree 100%. I guess I'm in the minority but I love Vista UAC. Fairly often I will carelessly click something, and UAC gives me a second chance to abort before it's too late. UAC is only useful 1 time in 20, but I thank my lucky stars that 1 time.
That's fine, I hear a lot of valid criticisms of UAC.
What bothers me is nobody seems to answer the question: "What *should* they be doing?" in a reasonable manner.
If you ask that on Slashdot, you get either "switch to Linux hur hur" or "they should write a new OS from scratch and run NT in a VM." Neither of those is a realistic option. The second is (slightly) more realistic, but it would be a decade of work even assuming MS started this minute.
To make things worse, when Microsoft makes UAC comprehensive (like in Vista) people whine that it's too annoying. When they make it looser (like in Windows 7) people whine that the protection on rundll isn't sufficient. I almost feel sorry for Microsoft, because there's literally no way they could make everybody happy.
So what should Microsoft be doing?
Comment of the year