Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Windows 7 UAC flaw silently elevates malware access---Weak links in chain of trust

Hash: SHA1

____/ Phil Da Lick! on Thursday 05 February 2009 09:27 : \____

> nessuno@xxxxxxxxxxxxxxxxxxx wrote:
>> On Feb 4, 3:09 pm, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx> wrote:
>>> Hash: SHA1
>>> ____/ Investigative Reporter Web server on Wednesday 04 February 2009 22:30
>>> : \____
>>>> ness...@xxxxxxxxxxxxxxxxxxx wrote:
>>>>> <Quote>
>>>>> Researchers have uncovered yet another flaw in Microsoft's Windows 7
>>>>> beta that could allow attackers to gain full administrative privileges
>>>>> by bypassing the operating system's UAC, or user access control....
>>>>> "Unfortunately this flaw is not just a single point of failure,"
>>>>> writes security blogger Long Zheng. "The breadth of Windows
>>>>> executables is just too many and too diverse and many are
>>>>> exploitable." ...
>>>>> </Quote>
>>>>> http://www.theregister.co.uk/2009/02/04/windows_uac_flaw/
>>>> <Quote>
>>>> Both researchers say they've received word that Microsoft has already
>>>> changed the UAC behavior in internal Windows 7 builds. A Microsoft
>>>> spokesman said he was looking into the matter. We'll update if we hear
>>>> back. In the meantime, Windows 7 users may want to set UAC to "high."
>>>> <Quote>
>>> They must already be "high" is they run BetaVista7.
>> The article also said that Microsoft faces its usual problem, if they
>> want to make things secure, they make things inconvenient for users,
>> ergo, users do insecure things.
> And yet that doesn't change the fact that the ISVs *need* to be
> inconvenienced on this. Basic security *has* to go into 7.

_Financial_ security (MSFT).

- -- 
                ~~ Best of wishes

Roy S. Schestowitz      |    Have you hugged your penguin today?
http://Schestowitz.com  |  RHAT GNU/Linux   |     PGP-Key: 0x74572E8E
         run-level 5  Jan 22 15:13                   last=S
      http://iuron.com - help build a non-profit search engine
Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index