
User Account Control in Windows Vista is very annoying but effective. It succeeded in making the OS more secure, and as much as it has been reviled and trashed, it fixed many security problems and drastically reduced Vista's exposure to malware infection. Due to the outcry from aggravated users, Microsoft decided to make UAC less annoying in Windows 7: at the default level and below, the screen is no longer blacked out and the prompt is no longer forced to the front of other applications when elevation is needed.

Microsoft's intentions were good, but intentions have a way of coming back to bite you. Long Zheng and Rafael Rivera have found a huge flaw in this new UAC implementation and posted it on iStartedSomething after Microsoft basically told them "it's too late to fix it". Their proof of concept, a VBScript, can easily circumvent UAC, set a startup entry and then reboot the computer. When the computer boots up again, UAC is completely disabled.

This type of exploit is extremely easy to implement, as they show with their application, and it would make Windows 7 substantially less secure than Windows Vista. The fix for Microsoft is a very simple one: always enable the "secure desktop". This is a policy setting that forces the screen to go black and brings the UAC prompt to the front of all other applications, so that no other program running on the user's desktop can interact with the prompt.
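The policy the post recommends can be audited and enforced per machine from PowerShell. The script below is an added example, not code from the post or from Microsoft; it relies only on the documented UAC policy registry values under HKLM and must be run as an administrator.

```powershell
# Added example (not from the original post): audit, and optionally enforce,
# the UAC "secure desktop" policy. The path and value names below are the
# documented UAC policy settings; nothing else is assumed.
$UacPolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSecureDesktopStatus {
    $p = Get-ItemProperty -Path $UacPolicyPath
    [pscustomobject]@{
        # 1 = UAC enabled; 0 = the state the proof of concept leaves behind after reboot
        EnableLUA                  = [int]$p.EnableLUA
        # 1 = "Switch to the secure desktop when prompting for elevation" is in force
        PromptOnSecureDesktop      = [int]$p.PromptOnSecureDesktop
        # 2 = always prompt (Vista behaviour), 0 = elevate silently; Windows 7
        # introduced intermediate levels that prompt only for non-Windows binaries
        ConsentPromptBehaviorAdmin = [int]$p.ConsentPromptBehaviorAdmin
    }
}

function Test-UacSecureDesktop {
    # Returns $true only when UAC is on and its prompts run on the secure desktop.
    $s = Get-UacSecureDesktopStatus
    $ok = ($s.EnableLUA -eq 1) -and ($s.PromptOnSecureDesktop -eq 1)
    if (-not $ok) {
        Write-Warning ("UAC prompts are not isolated on the secure desktop " +
            "(EnableLUA={0}, PromptOnSecureDesktop={1})" -f
            $s.EnableLUA, $s.PromptOnSecureDesktop)
    }
    return $ok
}

function Enable-UacSecureDesktop {
    # Same effect as setting the local security policy
    # "User Account Control: Switch to the secure desktop when prompting for elevation"
    # to Enabled. A change to EnableLUA only takes effect after a reboot.
    Set-ItemProperty -Path $UacPolicyPath -Name EnableLUA -Value 1 -Type DWord
    Set-ItemProperty -Path $UacPolicyPath -Name PromptOnSecureDesktop -Value 1 -Type DWord
}

if (-not (Test-UacSecureDesktop)) {
    Enable-UacSecureDesktop
    [void](Test-UacSecureDesktop)
}
```

In a domain the same setting is pushed to every machine through Group Policy under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, which is the "simply apply a policy" route for enterprises mentioned below.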

Microsoft may not want to take the time to fix this, but it is extremely important if Windows 7 is to flourish in the marketplace, particularly the enterprise marketplace. While it is easy enough for an enterprise to simply apply a policy and fix Microsoft's blunder, security issues don't make for good publicity.

Check it out: istartedsomething via CrunchGear