Symantec security researcher Ollie Whitehouse has uncovered an apparent design flaw in Vista's User Account Control security system that he says could fool users into giving a malicious program access to their system. The problem lies with Vista's integrated RunLegacyCPLElevated.exe application, which is designed to allow legacy control panel software to run with elevated privileges, as well as the way UAC prompts have different color headers depending on their origin. An unsigned or unknown program requesting administrative privileges will display a UAC prompt with an orange header, while if a Windows application does the same, the resulting UAC prompt will have a blue-green header.
According to Whitehouse, a piece of malware running in restricted mode could write a malicious control panel DLL file to, say, a user's Documents directory and then call RunLegacyCPLElevated.exe to request administrative privileges. Since RunLegacyCPLElevated.exe is a Windows application, it would display a UAC prompt with a blue-green header saying "Windows needs your permission to continue," potentially fooling the user into thinking the control panel is trustworthy.
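A detection-side sketch of the scenario Whitehouse describes, added here as an example and not taken from Symantec or Microsoft: it flags launches of RunLegacyCPLElevated.exe that reference a control panel module outside administrator-only directories. The event schema, the simplified command-line layout, the sample events and the list of trusted roots are all assumptions made for illustration.

```python
import ntpath
import re

# Assumption: roots that only administrators can write to on a default install.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
BROKER = "runlegacycplelevated.exe"
# Absolute Windows paths: quoted (may contain spaces) or bare.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')

def is_trusted(path):
    """True if the normalised path sits under an admin-only root."""
    p = ntpath.normpath(path).lower()  # collapses ..\ segments before comparing
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)

def untrusted_modules(event):
    """Return .cpl/.dll paths a broker launch references outside trusted roots."""
    if ntpath.basename(event["image"]).lower() != BROKER:
        return []
    hits = []
    for quoted, bare in PATH_RE.findall(event["command_line"]):
        path = quoted or bare
        if path.lower().endswith((".cpl", ".dll")) and not is_trusted(path):
            hits.append(path)
    return hits

# Constructed sample events (hypothetical schema, simplified command lines).
EXE = r"C:\Windows\System32\RunLegacyCPLElevated.exe"

def launch(arg):
    return {"image": EXE, "command_line": f'"{EXE}" {arg}'}

SAMPLE_EVENTS = [
    launch(r'"C:\Program Files\Vendor\legacy.cpl"'),     # admin-only location
    launch(r'"C:\Users\alice\Documents\panel.cpl"'),     # user-writable location
    launch(r'C:\Windows\..\Users\bob\AppData\x.dll'),    # traversal out of a trusted root
    {"image": r"C:\Windows\System32\notepad.exe",        # different process: ignored
     "command_line": r'notepad.exe "C:\Users\alice\Documents\notes.dll"'},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for path in untrusted_modules(ev):
            print("ALERT: elevated legacy CPL from user-writable path:", path)
```

Because the UAC prompt for this launch carries the Windows header regardless of where the module lives, the module path is the signal worth alerting on.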
Whitehouse went to Microsoft with these concerns and was pointed to this document (Word .DOC) on Microsoft's website that says, "It's very important to remember that UAC prompts are not a security boundary - they don't offer direct protection. They do offer you a chance to verify an action before it happens. Once you allow an action to proceed, there may be no easy way back." Whitehouse concludes by saying UAC is better than nothing, but that he doesn't believe a security system that presents unreliable information is good for user confidence. (Thanks to Neowin for the tip.)