Slashdot Mirror


New Windows Kernel Vulnerability Bypasses UAC

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild, this could be a very bad omen for Windows users."

1 of 303 comments

  1. Re:Bad omen? by ScrewMaster · Score: 0, Troll

    And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.

    {sigh} Time to come down from the ivory tower, dude. The proof is in the pudding: even if you're right, and Microsoft is truly doing all that it can in this regard (and, let's be clear here, it is not), whatever they are doing is not enough. Not nearly enough.

    If you've ever spent an evening cleaning malware from a badly infected Windows system, you will understand exactly what I'm talking about. I don't give a single God DAMN if Microsoft has released some free tool, or if they ship machines with the firewall turned on by default, or turned off unnecessary services. Those are just basic, simple steps that every other OS pretty much did by default (or that any clueful user would have done for himself) and are not, in and of themselves, particularly significant. It also does not explain why an operating system that is specifically marketed to those "clueless home users" doesn't do squat to protect them in the real world (not the world you live in, by the way.)

    Yes, we all know that Internet Explorer might as well be Swiss cheese insofar as its ability to block drive-bys and other malware infections is concerned. That's why most of us that have a clue recommend that our friends and family use anything but Explorer. But, in truth, a properly-designed and implemented operating system would never allow an incoming attack to do anything more than see files owned by the current user. But I've seen many Windows systems (XP, Vista and 7, fully-patched) with multiple infections, all of which appeared to have the run of the filesystem. If Windows security has improved so much, that shouldn't be possible ... but it's an everyday occurrence. So whatever Microsoft is doing is empirically, emphatically and obviously insufficient.

    So it's nice that you linked to some free Microsoft-supplied anti-malware software. You know what? Of the dozen infections that I had to clean from a friend's computer last night, you know how many that free Microsoft package found? One guess. That's right. ZERO. I had to run several different scanners to get rid of most of them (a couple I had to remove the hard way, removing entries from the registry and manually deleting executables.) Hell, good old Spybot found six infections. So ... tell me again, this time with perhaps a few facts at your command, how Microsoft is protecting its users? Please.

    The reality is what it is. Windows boxes are pwned by the millions, and if you consider the token consideration that Microsoft gives those users to be adequate, you just aren't seeing the big picture. Frankly, it's hard to believe that you are naive enough to think that jacking a Windows box (pick any version) onto the Internet without something running a little interference for you is safe. Tell you what: give me your current IP and we'll see just how "secure" your Windows 7 box really is.

    --
    The higher the technology, the sharper that two-edged sword.