New Windows Kernel Vulnerability Bypasses UAC

← Back to Stories (view on slashdot.org)

New Windows Kernel Vulnerability Bypasses UAC

Posted by timothy on Thursday November 25, 2010 @06:03AM from the happy-thanksgiving-everyone dept.

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

5 of 303 comments (clear)

Bad omen? by ScrewMaster · 2010-11-25 06:04 · Score: 5, Funny

this could be a very bad omen for Windows users.
Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

--
The higher the technology, the sharper that two-edged sword.
1. Re:Bad omen? by michelcolman · 2010-11-25 06:53 · Score: 5, Funny
  
  You could occasionally give them a box like "Do you want to allow the following program etc...", program name "wipeharddisk.exe", File origin "compromised internet site" and then give them a big red box with "You stupid idiot!" if they click "Yes" anyway. At least one out of every three boxes should be of this kind, and of course various program names, publishers and origins should be used. After three of those "idiot" boxes, next time show them a progress bar with "wiping hard disk...".
2. Re:Bad omen? by Gadget_Guy · 2010-11-25 07:33 · Score: 5, Insightful
  
  When has anyone, especially Microsoft, ever cared about them?
  What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to setup limited domain user accounts). When they came out with the free Microsoft Security Essentials, which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.
  Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.
Re:Requires code to be run by gstoddart · 2010-11-25 06:25 · Score: 5, Informative

noscript is not regular browsing
No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.

--
Lost at C:>. Found at C.
Re:Registry by Spad · 2010-11-25 07:19 · Score: 5, Insightful

"The flaw is related to the way in which a certain config file is interpreted..."