There has been a lot of discussion lately regarding Windows 7's User Account Control (UAC) and "flaws" that have been exposed in it. Long Zheng and Rafael Rivera were the first to point out a very severe flaw in UAC, which Microsoft claimed was "by design": at Windows 7's default UAC level, signed Windows binaries elevate to administrator without any prompt, and code already running on the machine can ride along with them. It took Microsoft a few days to respond to the UAC issue, but today they finally posted a rebuttal on their Windows 7 Engineering website.
Essentially their response comes down to "there are other security measures built into Windows 7", many of which surround Internet Explorer. No offense, Microsoft, but I don't think that will comfort those who use other browsers or who want to know their computer is secure at every level. After reading their rather lengthy response I came to the conclusion that they believe minimal UAC is better for marketing.
Since posting his original findings, Rafael Rivera has posted a follow-up on his site showing how malware could use rundll32.exe, or any other auto-elevated binary, to elevate itself. Malware creators are very smart and will take advantage of every one of these flaws. It will only be a matter of time until we start seeing malware exploiting UAC.
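As an added check (example code written for this page, not from the original post or from Rafael Rivera's proof of concept), the following PowerShell script, run as an ordinary user on the machine in question, lists the System32 binaries whose embedded manifest carries the autoElevate flag, shows who signed each one, and reads the UAC policy values that decide whether that flag is honoured. The registry path and the meaning of ConsentPromptBehaviorAdmin are Windows 7's own; the assumption that the manifest can be found by a plain-text search of the PE holds for Windows' own binaries, which store RT_MANIFEST as uncompressed XML.

```powershell
# Added example, not from the original post or Rafael Rivera's proof of concept.
# Inventories Windows 7 System32 binaries that request autoElevate and reports
# the UAC policy level that decides whether that request elevates silently.

$system32 = Join-Path $env:SystemRoot 'System32'

# The RT_MANIFEST resource is stored inside the PE as plain XML, so a raw text
# search for the autoElevate element finds it without a resource parser
# (assumption: holds for Windows' own binaries, which is what matters here).
# Only the top-level directory is scanned; that is where rundll32.exe and the
# other auto-elevated Windows binaries live.
$autoElevated = Get-ChildItem -Path $system32 |
    Where-Object { -not $_.PSIsContainer -and ($_.Extension -eq '.exe' -or $_.Extension -eq '.dll') } |
    ForEach-Object {
        $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
        $text  = [System.Text.Encoding]::ASCII.GetString($bytes)
        if ($text -match '<autoElevate>\s*true\s*</autoElevate>') {
            # Auto-elevation also requires a valid Windows publisher signature,
            # so record the signer to show which binaries actually qualify.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -eq 'Valid') {
                $signer = $sig.SignerCertificate.Subject
            } else {
                $signer = "signature $($sig.Status)"
            }
            New-Object PSObject -Property @{ Name = $_.Name; Signer = $signer }
        }
    }

# The UAC policy values live under HKLM. ConsentPromptBehaviorAdmin is the
# value the Control Panel slider changes:
#   2 = "Always notify" (autoElevate is ignored; every elevation prompts)
#   5 = Windows 7 default ("Notify me only when programs try to make changes",
#       which lets autoElevate binaries elevate with no prompt at all)
#   0 = elevate everything without prompting
# EnableLUA = 0 means UAC is switched off entirely.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey
$uacOn     = ($policy.EnableLUA -eq 1)
$level     = $policy.ConsentPromptBehaviorAdmin
$count     = @($autoElevated).Count

$autoElevated | Sort-Object Name | Format-Table -AutoSize Name, Signer

if (-not $uacOn) {
    'UAC is disabled (EnableLUA=0): processes started by an administrator already run with full rights.'
} elseif ($level -eq 2) {
    "UAC is set to Always notify: the autoElevate flag on the $count binaries above is ignored and each elevation prompts."
} else {
    "ConsentPromptBehaviorAdmin=$level: the $count binaries above elevate without a prompt for a Protected Administrator."
}
```

The practical caveat this surfaces is that the issue only exists at the default slider position; moving UAC to "Always notify" (ConsentPromptBehaviorAdmin=2) makes rundll32.exe and the rest prompt like any other program. The scan reports what is requested and who signed it, not whether a particular elevation attempt would succeed, so treat the list as the attack surface to watch rather than as proof of exploitability.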