Slashdot Mirror


UAC Whitelist Hole In Windows 7

David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"


  1. Re:Good thing it's a beta by mspohr · Score: 0, Redundant

    Unfortunately it's not a bug, or even a design flaw. Microsoft's in the position of trying to placate as many customers as they can. They tried doing security the "correct" way with Vista...

    I don't think they did it right in Vista. What good is security that irritates users into clicking OK for everything (and to top it off, still has holes in it)?

    I don't understand why they just didn't do it like Linux, which has rock solid security and absolutely none of that irritating UAC dialog. They had five years to rewrite the OS and they still did a lame job of security.

    --
    I don't read your sig. Why are you reading mine?