Code aims to bypass UAC security in Windows 7

By Tom Espiner, ZDNet UK
Tuesday, February 03, 2009 10:33 AM

A pair of investigators say they have found a way to bypass the User Account Control feature in Microsoft's Windows 7 beta.

User Account Control (UAC) is a Windows security feature, introduced in Vista, that checks whether a user really intends to launch a program or whether malware is at work. It can also be used by companies to restrict user administration rights on a PC.

Graphics student Long Zheng said in a blog post last week that he and developer Rafael Rivera have come up with a method to turn off the feature in the Windows 7 beta.

As UAC in Windows 7 is set by default to 'Notify me only when programs try to make changes to my computer' and 'Don't notify me when I make changes to Windows settings', Zheng said he asked Rivera to write some code that would emulate a user changing those settings.

Rivera wrote a proof-of-concept program in VBScript that would emulate the keyboard inputs to disable UAC without triggering any Windows alerts. One of the implications of this is that an attacker could automate a restart of an affected PC and add a malicious program with full administrative rights, Zheng wrote in his post last week. The proof-of-concept code is available through a link in that post.

Microsoft had not responded to a request for comment on the issue from ZDNet UK at the time of writing.

However, Zheng later said he had received a response from Microsoft denying that he and Rivera had discovered a flaw. According to Zheng, Microsoft's reasoning was that the malicious code would have to be running on the PC for it to turn UAC off, but the act of implementing that malicious code in the first place would have triggered a UAC alert.

Microsoft has said it put the UAC system of user privileges into Vista in an effort to make it more difficult for users to inadvertently execute malicious programs.

However, the feature was heavily criticized in 2007 by security company Kaspersky, which said that its system of alerts was so annoying that users would switch it off. Microsoft recognized that users could be confused by UAC, and responded in Windows 7 by giving the user greater control over the alert mechanism.

