Slashdot Mirror

← Back to Stories (view on slashdot.org)

UAC Whitelist Hole In Windows 7

Posted by Soulskill on from the time-for-some-creative-rebranding dept.

David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then telling that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"

2 of 496 comments (clear)

  1. Re:Mend it or end it? by fat_mike · · Score: 1, Offtopic

    Seriously, it is 2009, can we knock off the stupid M$.

  2. Re:If it was easy-- by newcastlejon · · Score: 0, Offtopic

    I never heard of that. All the cars I have owned either prevent you from locking the driver's door when it's open or unlock the door if you close it when it's locked. (I assume you might bypass this by holding the handle as you described) For myself, I'd simply suggest that you lock doors after you use them rather than during.

    --
    If God forks the Universe every time you roll a die, he'd better have a damned good memory.