New Windows Kernel Vulnerability Bypasses UAC

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

Bad omen?

[ScrewMaster]

this could be a very bad omen for Windows users.

Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

Re:Bad omen?

[K.+S.+Kyosuke]

Well, we have natural selection for that. ;-)

Re:Bad omen?

[Yvan256]

I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

Re:Bad omen?

[michelcolman]

You could occasionally give them a box like "Do you want to allow the following program etc...", program name "wipeharddisk.exe", File origin "compromised internet site" and then give them a big red box with "You stupid idiot!" if they click "Yes" anyway. At least one out of every three boxes should be of this kind, and of course various program names, publishers and origins should be used. After three of those "idiot" boxes, next time show them a progress bar with "wiping hard disk...".

Re:Bad omen?

[ScrewMaster]

Yep. Their computers turn into zombies.

And what do zombies do? They suck out your brains. It's a vicious circle.

Re:Bad omen?

[ScrewMaster]

I always upgrade my Linux distro by sharpening the edge of the DVD-R it's burned on. That's how I stay on the cutting edge.

That's nothing. I use that sharpened DVD to cut myself to pieces. That's how I stay on the bleeding edge.

Re:Bad omen?

Only I convinced her to get a Mac.

Wow, why not just perform a full-frontal lobotomy on her instead?

I mean, you've basically done the computer-realm equivalent of that to her anyway...

Re:Bad omen?

[caluml]

There was a .exe - I can't remember what that rebooted a Windows box with no warning. We were trying to educate people about not clicking attachments blindly (this was around the Melissa/Iloveyou time), so I renamed it to do-not-run-this.exe or something equally similar, attached it to an email, wrote in the email NOT to run it, and sent it to the company (about 70 people).

I then had to put up with people complaining that their computer rebooted, and they lost work they were working on.

UAC?

[Forrest+Kyle]

They bypassed the UAC? We're DOOMED!

this could be a very bad omen?

[nurb432]

No, but the 'windows startup sound' is.

Re:Of course

[Myopic]

I don't hate UAC because it's from Microsoft. I hate UAC because I think it is totally stupid that I have to change a filename, then say yes I want to change the filename, then say yes I really want to change the filename, then say yes I really, really want to change the filename. Four times? Why is four times the magical threshold between security and insecurity? For me, the number of times is zero (I know when I want to change a filename, and no amount of dialog boxes is going to change my mind, so they serve no purpose) or one time (thanks for the reminder, let me consider it a second time), but three times? four? Why not ten times? or more?

I hate UAC because it makes Windows even more unusable. It is, absolutely and without a doubt, the number one thing I hate about my career. I have not been successful finding jobs that I want to do and in which I can completely get away from Windows. I hate it for what it is, not because it's from Microsoft.

This is the end of my rant for now, but I reserve the right to bitch about Windows as often as it pisses me off, which is a lot.