Maximum IT
Is There an Even Bigger Security Hole in Windows 7's UAC?

Is Windows 7's adjustable UAC a security flaw?

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC. That turns out to be just the prelude to a potentially bigger security issue: according to Long Zheng of the I Started Something blog, Windows 7's "improved" UAC can be defeated by malicious software that takes advantage of auto-elevation. Auto-elevation is the feature that lets certain Microsoft-signed programs, when run by an Administrator, skip the "do you want to run this program" prompt that made Windows Vista's version of UAC one of its most controversial features, not to mention one of the "I'm a Mac" commercials' favorite targets. Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently.

So, what is it about Windows 7's UAC that makes it vulnerable? As Zheng puts it:

Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I've started calling "piggybacking".

To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is "RUNDLL32.exe". With a simple "proxy" executable that does nothing more than launch an elevated instance of "RUNDLL32" pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.

Zheng recommends that you set Windows 7's UAC slider control to "Always Notify" as a workaround until Microsoft changes how UAC works in Windows 7. Unfortunately, making this change makes Windows 7's UAC just as annoying as Vista's.
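The "Always Notify" workaround is only as good as the registry settings behind the slider, so an administrator will want to verify them on each machine. The following PowerShell is an added example, not code from the article or from Zheng's post; it reads the documented UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) under the Policies\System key and maps the combination back to the slider position Windows writes for it.

```powershell
# Added example: report the UAC slider position from its backing registry values
# and, optionally, move it to "Always notify" (ConsentPromptBehaviorAdmin=2,
# PromptOnSecureDesktop=1, EnableLUA=1). Setting values needs an elevated shell.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    $p = Get-ItemProperty -Path $UacKey

    $enableLua  = [int]$p.EnableLUA
    $consent    = [int]$p.ConsentPromptBehaviorAdmin
    $secureDesk = [int]$p.PromptOnSecureDesktop

    # The four slider positions correspond to these value combinations; anything
    # else was set by Group Policy or by hand rather than through the slider.
    $level = if ($enableLua -eq 0) {
        'Never notify (UAC disabled)'
    } elseif ($consent -eq 2 -and $secureDesk -eq 1) {
        'Always notify'
    } elseif ($consent -eq 5 -and $secureDesk -eq 1) {
        'Notify only when programs try to make changes (Windows 7 default)'
    } elseif ($consent -eq 5 -and $secureDesk -eq 0) {
        'Notify only when programs try to make changes (do not dim desktop)'
    } else {
        "Custom policy (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secureDesk)"
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secureDesk
        SliderLevel                = $level
        # Signed Windows binaries such as RUNDLL32 auto-elevate at the default
        # position (5); "Always notify" (2) forces a prompt for them as well.
        AutoElevationInEffect      = ($enableLua -eq 1 -and $consent -eq 5)
    }
}

function Set-UacAlwaysNotify {
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Get-UacSliderLevel
}

Get-UacSliderLevel | Format-List
```

Changing ConsentPromptBehaviorAdmin takes effect at the next elevation request; if EnableLUA had to be turned back on, a reboot is required before UAC is enforced again.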

Will Microsoft fix this apparent flaw in UAC? Or is it a flaw? The Engineering Windows 7 blog points out that Windows 7 is designed to stop malware from getting on the system in the first place [fixed bad link 2-5-09]. Before you decide what to do with UAC, take a look at both sides of the issue.

COMMENTS
Well this puts this matter

Well this puts the matter to rest:

  • With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.

Full article: http://blogs.msdn.com/e7/archive/2009/02/05/uac-feedback-and-follow-up.aspx

The rationale makes no sense

So we shouldn't worry about how easy it is for a program to change the security settings because the malware filter is "perfect"?  Oh yeah, I like that idea.

 [Edit: Because posting from a blackberry is not a good idea]

That's why it's BETA

As long as this is fixed, and it hopefully will be, I have no bad vibe about it. The product is in beta for these reasons and to help secure and improve the product before it's released. I hope we find more problems NOW rather than later, when people have paid for it.

Prompting for Confirm is nice, but ...

Why should the levels be accessible to change by a program at all?

Your security level should be one of those things that is a very manual process.  After all most people only set it once and forget about it.

 [Edit: because posting from a blackberry on a train is not a good idea]

I find it puzzling that

I find it puzzling that they would think rundll can be completely trusted.
