Slashdot Mirror


New Windows Kernel Vulnerability Bypasses UAC

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

20 of 303 comments

  1. Bad omen? by ScrewMaster · · Score: 5, Funny

    this could be a very bad omen for Windows users.

    Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

    --
    The higher the technology, the sharper that two-edged sword.
    1. Re:Bad omen? by ColdWetDog · · Score: 4, Insightful

      Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

      The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?

      --
      Faster! Faster! Faster would be better!
    2. Re:Bad omen? by michelcolman · · Score: 5, Funny

      You could occasionally give them a box like "Do you want to allow the following program etc...", program name "wipeharddisk.exe", File origin "compromised internet site" and then give them a big red box with "You stupid idiot!" if they click "Yes" anyway. At least one out of every three boxes should be of this kind, and of course various program names, publishers and origins should be used. After three of those "idiot" boxes, next time show them a progress bar with "wiping hard disk...".

    3. Re:Bad omen? by ScrewMaster · · Score: 4, Funny

      Yep. Their computers turn into zombies.

      And what do zombies do? They suck out your brains. It's a vicious circle.

      --
      The higher the technology, the sharper that two-edged sword.
    4. Re:Bad omen? by WrongSizeGlass · · Score: 4, Insightful

      And I spent five hours last night cleaning up friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

      I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

    5. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      I found that they had gone back to Explorer (Firefox "didn't look the same")

      Get them this.

      Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

      Doesn't matter. So far as she's concerned, they're going to get told. We'll try to make the transition as easy as possible, but sometimes you just have to bite the bullet. It's her computer, and those are her kids, and they'll do as they're told. Her husband couldn't care less so long as he can get his email and go to a few Web sites he needs. The kids are the big problem. I also told her we could just get them their own computer, and when they break it ... tough. Maybe then they'll start to learn a little respect. They've wasted enough of their mother's time, not to mention mine.

      --
      The higher the technology, the sharper that two-edged sword.
    6. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      And I spent five hours last night cleaning up friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

      I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

      Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.

      --
      The higher the technology, the sharper that two-edged sword.
    7. Re:Bad omen? by Gadget_Guy · · Score: 5, Insightful

      When has anyone, especially Microsoft, ever cared about them?

      What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials, which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.

      Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.

    8. Re:Bad omen? by ScrewMaster · · Score: 4, Insightful

      What a completely uncalled for comment.

      Not at all. Microsoft got caught flat-footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

      Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

      --
      The higher the technology, the sharper that two-edged sword.
    9. Re:Bad omen? by Gadget_Guy · · Score: 4, Interesting

      Nothing you said there has ANYTHING to do with Microsoft not caring about "clueless home users". I called you on that comment and you just changed the subject.

      You say Microsoft misread the importance of the Internet. Absolutely, although it was 15 years ago! But what has that got to do with them not caring about home users?

      You claim Windows can't be used safely on an untrusted network? That is false, the current version ships with the firewall turned on and most of the useless network services turned off. Gone are the days when you would be infected within 15 minutes of connecting to the Internet with a vanilla install.

      Despite what you say, you don't have to install a third party firewall and run third party anti-malware software. My original post to you linked to the free Microsoft supplied anti-malware software. Why did you just ignore that? All the reports that I have seen about it have been quite positive.

      And I still don't see any evidence of Microsoft ignoring the plight of clueless home users.

    10. Re:Bad omen? by LO0G · · Score: 4, Interesting

      Normally I don't feed the trolls, but...

      Every measurement I've seen indicates that malware authors are profit driven. The reason they find exploits is to drive revenue (in the past this wasn't the case, but for the past 10 or so years it is). Let's take this as a given (if you can find evidence that malware authors aren't profit driven, we can reconsider this, but I suspect you won't).

      Finding an exploit costs money - you need to spend your time to find it or you need to pay someone to find it. Either way, you're out cash money - that's an expense for the malware author.

      Assuming that the malware author has a limited budget for exploits (which is likely to be true), the malware author is going to want to maximize their return on investment.

      Further, let's assume that the cost of finding an exploit is the same on all platforms (that's not true btw - Charlie Miller has said that it's far easier to find exploits on OS X than it is on Windows, but let's just assume that the cost is the same).

      If I pay $10000 for a Windows exploit (the amount of the pwn2own prize), I can target 90% of the computer users out there. If I pay for an OSX exploit, I can target about 6% of the computer users out there, and if I pay for a Linux exploit, I can target about 4% of the users out there (the market share numbers are roughly accurate, but obviously vary by country - for instance OSX has about a 10% share in the US but only 4% worldwide).

      So how does the malware author maximize the return on their investment? Obviously they want to choose the one that gets them the most victims for their money. And that choice is Windows - 90% vs 6% vs 4% means that for a given amount of effort, the OS with 90% market share will always return a higher ROI than the OS with 6% or 4%.

      The only thing that will change this dynamic is if either the cost for exploits for OSX and Linux goes dramatically down OR if the market share for OSX and Linux dramatically increases.

      All software has bugs. Anyone who works in software engineering knows that. It doesn't matter what operating system you're running, they all have bugs. And some percentage of those bugs will result in an EoP. It doesn't matter what operating system - every OS I've known has had EoP bugs in them.

      As long as an operating system can run arbitrary applications (in other words, it's not locked down like iOS is), the very nature that allows you to run arbitrary programs allows you to exploit EoP vulnerabilities in the OS.

    11. Re:Bad omen? by caluml · · Score: 4, Funny

      There was a .exe - I can't remember what - that rebooted a Windows box with no warning. We were trying to educate people about not clicking attachments blindly (this was around the Melissa/Iloveyou time), so I renamed it to do-not-run-this.exe or something equally similar, attached it to an email, wrote in the email NOT to run it, and sent it to the company (about 70 people).

      I then had to put up with people complaining that their computer rebooted, and they lost work they were working on.

  2. Re:Not with my cheese helmet! by Monkeedude1212 · · Score: 4, Insightful

    I run everything with Administrator privs... oh snap!

    Well, as long as you know everything you run is malware free, there is absolutely nothing wrong with that.

  3. UAC? by Forrest+Kyle · · Score: 4, Funny

    They bypassed the UAC? We're DOOMED!

  4. Re:Requires code to be run by gstoddart · · Score: 5, Informative

    noscript is not regular browsing

    No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.

    --
    Lost at C:>. Found at C.
  5. Re:Back to the drawing board by Bert64 · · Score: 4, Insightful

    Developing an entirely new OS is about the worst thing Microsoft could possibly do from a business perspective...

    Currently their single biggest selling point is compatibility, sure as you point out compatibility with something that has a fundamentally flawed design but still compatibility... If they were to ditch compatibility, then users would have to ditch all their existing apps (especially legacy apps which may be abandonware) and learn a completely new system that's not been tried and tested...

    In other words, they would now saddle themselves with the biggest disadvantages associated with other platforms while offering none of the advantages of those platforms...
    Microsoft ditching compatibility with all their legacy cruft would probably be the best news Apple and Linux distros could ever receive.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  6. Well, go ahead and tell them what then by Sycraft-fu · · Score: 4, Insightful

    Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code. Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).

    If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

    That being the case, stop whining.

    For this particular thing, this is a local privilege exploit. It is a bug, a mistake, one that will be fixed. If you Google around you'll find that Linux has had plenty of these throughout its history. Something is done wrong such that a program can elevate when it isn't supposed to. They are bugs to be patched, but not super critical since you still have to get malicious code on to the local system and get it to execute. They are more of a concern on multi-user systems but even then it is rarely a panic situation.

    So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.

    No security is perfect. People who do security in the real world, physical security, have always known this. For some reason many people who do virtual security delude themselves into thinking it is different. No it isn't, there is no perfect security. So have defense in depth. Be mindful of where you visit on the web, don't download random shit, run a quality virus scanner that checks data as it comes in from the web, use a deprivileged browser (something in protected mode, if your browser supports it), have a firewall, have UAC turned on, think before you execute a program. None of that is perfect, none of that is something that can't ever fail, but with layers of protection if one fails, you've others to fall back on.

  7. Re:Registry by Spad · · Score: 5, Insightful

    "The flaw is related to the way in which a certain config file is interpreted..."

  8. Vulnerabilities are VERY profitable for Microsoft. by Futurepower(R) · · Score: 4, Interesting

    "I'm hard pressed to decide if Microsoft is unwilling, or just unable, to ever fix it."

    Microsoft top managers achieve vulnerabilities by not allowing Microsoft programmers to finish their work, apparently. Since Microsoft has a virtual monopoly on operating systems installed on computers you can buy, the vulnerabilities make Microsoft more money because the average person cannot fix an infected computer and buys a new computer with another copy of Windows. See the New York Times article: Corrupted PC's Find New Home in the Dumpster.

    The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

    Another solution is to use anti-trust law to make Windows more fair for buyers. Should users of Windows Vista pay for an entirely new version of Windows, when Vista was troublesome and a court case showed that Vista was knowingly released before it was ready? There are only small differences between Windows Vista and Windows 7. Why should users pay for an entirely new copy of Windows?

    It is my opinion that the present practices of selling something almost everyone with a computer must have are unfair and against the common welfare. Microsoft lost an anti-trust case, but there was never any penalty.

  9. Re:It's simple economics by vux984 · · Score: 4, Insightful

    And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

    Just because I didn't elaborate doesn't mean I haven't thought about it.

    Personally, I'm pretty confident that the majority of malware infections are PEBKAC.

    Drive by / remote exploit malware certainly do exist out there, but it's not THAT prevalent. You can go months, even years using a Windows PC without an infection with just Windows Firewall, and keeping your PC up to date. I've done it. Countless others have too.

    The clusterfucks of malware-ridden PCs that some people routinely turn their computers into are, in my opinion, primarily at least initially installed by the end user. They fall for the social engineering, go for the shiny offer, and escalate the installer so that it can have its way with the PC and bring all its friends...

    You make OSX or even Linux the dominant OS, where all that social engineering, and shiny crapware will start targeting OSX and Linux. The same users who try to install the britney spears naked screensaver will click on the britney_spears_naked.dmg and enter their computer password in OS X.

    Right now it's not worth it for that class of malware writers to do it today. So britney_spears_naked_screensave.dmg malware isn't constantly thrown in your face. It's simple economics.

    a) First, OSX and Linux combined is still single digit marketshare. Right out of the gate, Windows is where the ROI is.

    b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.

    If you are likely to be sucked in by malware bullshit then you are likely ignorant, unsophisticated when it comes to computers... and you walk into a BestBuy or Walmart... you are exactly the demographic being targeted by malware, and you'll walk out with a Windows PC.

    Move all --those-- people onto Linux or OSX and I have no doubt the malware will follow them, and they'll happily install it.