Vista's UAC could give a false sense of security

Symantec security researcher Ollie Whitehouse has uncovered an apparent design flaw in Vista's User Account Control security system that he says could fool users into giving a malicious program access to their system. The problem lies with Vista's integrated RunLegacyCPLElevated.exe application, which is designed to allow legacy control panel software to run with elevated privileges, as well as the way UAC prompts have different color headers depending on their origin. An unsigned or unknown program requesting administrative privileges will display a UAC prompt with an orange header, while if a Windows application does the same, the resulting UAC prompt will have a blue-green header.

According to Whitehouse, a piece of malware running in restricted mode could write a malicious control panel DLL file to, say, a user's Documents directory and then call RunLegacyCPLElevated.exe to request administrative privileges. Since RunLegacyCPLElevated.exe is a Windows application, it would display a UAC prompt with a blue-green header saying "Windows needs your permission to continue," potentially fooling the user into thinking the control panel is trustworthy.

Whitehouse went to Microsoft with these concerns and was pointed to this document (Word .DOC) on Microsoft's website that says, "It's very important to remember that UAC prompts are not a security boundary - they don't offer direct protection. They do offer you a chance to verify an action before it happens. Once you allow an action to proceed, there may be no easy way back." Whitehouse concludes by saying UAC is better than nothing, but that he doesn't believe a security system that presents unreliable information is good for user confidence. (Thanks to Neowin for the tip.)

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.