Slashdot Mirror


UAC Whitelist Hole In Windows 7

David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"

2 of 496 comments

  1. Re:OSX UAC by flydpnkrtn · Score: 0, Troll

    e.g. if you can't do something in a Finder window, sometimes you can do it in a terminal window

    Wait, you're talking about doing this on Windows right? s/Finder/Explorer/ and s/terminal/command prompt/ right? Otherwise I'm so confused...

  2. Re:If it was easy-- by that+this+is+not+und · Score: 0, Troll

    So what should Microsoft be doing?

    They should shut down all further OS development, and throw all their effort at further and better service packs for W2K and XP.

    Really, they've done enough, and just need to focus for the rest of their existence on cleaning up the mess and maintenance.