Re: Windows 7 UAC flaw silently elevates malware access---Weak links in

Home	Messages Index

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index

Re: Windows 7 UAC flaw silently elevates malware access---Weak links in chain of trust

Subject: Re: Windows 7 UAC flaw silently elevates malware access---Weak links in chain of trust
From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
Date: Thu, 05 Feb 2009 10:47:45 +0000
Newsgroups: comp.os.linux.advocacy
References: <27b30585-4b04-4c46-b6a3-1d465f6d9e4f@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <2021451.vZ1idJQ3U3@xxxxxxxxxxxxxxx> <fb9177a3-d873-4925-bacc-1c87986f1eb1@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <zbidnddBp8l3LRfUnZ2dnUVZ8sednZ2d@xxxxxxxxxxxxxx>
User-agent: KNode/0.10.9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Phil Da Lick! on Thursday 05 February 2009 09:27 : \____

> nessuno@xxxxxxxxxxxxxxxxxxx wrote:
>> On Feb 4, 3:09 pm, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> ____/ Investigative Reporter Web server on Wednesday 04 February 2009 22:30
>>> : \____
>>>
>>>
>>>
>>>
>>>
>>>> ness...@xxxxxxxxxxxxxxxxxxx wrote:
>>>>> <Quote>
>>>>> Researchers have uncovered yet another flaw in Microsoft's Windows 7
>>>>> beta that could allow attackers to gain full administrative privileges
>>>>> by bypassing the operating system's UAC, or user access control....
>>>>> "Unfortunately this flaw is not just a single point of failure,"
>>>>> writes security blogger Long Zheng. "The breadth of Windows
>>>>> executables is just too many and too diverse and many are
>>>>> exploitable." ...
>>>>> </Quote>
>>>>> http://www.theregister.co.uk/2009/02/04/windows_uac_flaw/
>>>> <Quote>
>>>> Both researchers say they've received word that Microsoft has already
>>>> changed the UAC behavior in internal Windows 7 builds. A Microsoft
>>>> spokesman said he was looking into the matter. We'll update if we hear
>>>> back. In the meantime, Windows 7 users may want to set UAC to "high."
>>>> <Quote>
>>> They must already be "high" is they run BetaVista7.
>> 
>> The article also said that Microsoft faces its usual problem, if they
>> want to make things secure, they make things inconvenient for users,
>> ergo, users do insecure things.
> 
> And yet that doesn't change the fact that the ISVs *need* to be
> inconvenienced on this. Basic security *has* to go into 7.

_Financial_ security (MSFT).

- -- 
                ~~ Best of wishes

Roy S. Schestowitz      |    Have you hugged your penguin today?
http://Schestowitz.com  |  RHAT GNU/Linux   |     PGP-Key: 0x74572E8E
         run-level 5  Jan 22 15:13                   last=S
      http://iuron.com - help build a non-profit search engine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmKw9EACgkQU4xAY3RXLo61JACdHLjJp5ZTvnhRW9ZrUP3iTGyZ
8xoAn0V26kI0IbW12DzxNIgyahJpAjGT
=02Fh
-----END PGP SIGNATURE-----

References:
- Re: Windows 7 UAC flaw silently elevates malware access---Weak links in chain of trust
  - From: Roy Schestowitz
- Re: Windows 7 UAC flaw silently elevates malware access---Weak links in chain of trust
  - From: nessuno@xxxxxxxxxxxxxxxxxxx

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index