Windows 7 testers found UAC security issue in beta version
Microsoft went to minimize the annoyance of User Account Control in Windows 7, but some Windows 7 beta testers say they have found a serious vulnerability that could enable miscreants to turn off UAC without any user interaction.
Microsoft developer Long Zheng, author of the blog istartedsomething, on Friday posted a proof-of-concept for the vulnerability in the Windows 7 beta, and said it stemmed from Microsoft's efforts to make UAC in Windows 7 less annoying than it was when it was introduced with Windows Vista.
UAC boosts security by reducing application privileges from administrative to standard levels with a goal of minimizing the damage caused by exploits, and giving users the chance to approve or disapprove actions through pop-up dialog boxes. But many Vista users found the constant, nagging pop-up alerts UAC generated to be intolerable, and the solution, at least for some users, was simply to turn off UAC. That's why Microsoft designed a new UAC Control Panel in Windows 7 that gives administrators more control over UAC alerts.
Windows 7's default UAC setting is to alert users only when third-party programs try to make changes to a PC, and not when users make changes to Windows settings. According to Zheng, because Windows 7 considers changes to UAC as changes to Windows, no alert would be generated by turning UAC off completely, which is why this issue has dangerous implications. "You could automate a restart after UAC has been changed, add a program to the user's startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc," Zheng wrote in a blog post. The good news, according to Zheng, is that Microsoft could easily address the issue without detracting from UAC's security benefits by forcing a UAC prompt in Secure Desktop mode whenever changes are made to UAC.
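As an added illustration (not code from the article or from Zheng's post), the following PowerShell script reads the three policy values that govern the behaviour described above and flags the weak states: UAC disabled outright, administrators elevated with no prompt, and prompts shown outside the Secure Desktop. It assumes the standard UAC policy location under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and the well-known value names EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop, and it goes slightly beyond the article by checking all three values rather than only the on/off state.

```powershell
# Added example: audit the UAC policy values on the local machine.
# Assumed standard policy location and value names (not taken from the article).
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    # Read the policy key; missing values default to the documented Windows defaults.
    $p = Get-ItemProperty -Path $policyPath -ErrorAction Stop
    [pscustomobject]@{
        EnableLUA                  = if ($null -ne $p.EnableLUA) { [int]$p.EnableLUA } else { 1 }
        ConsentPromptBehaviorAdmin = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 5 }
        PromptOnSecureDesktop      = if ($null -ne $p.PromptOnSecureDesktop) { [int]$p.PromptOnSecureDesktop } else { 1 }
    }
}

function Test-UacPolicy {
    param([Parameter(Mandatory)]$Policy)
    $findings = @()
    if ($Policy.EnableLUA -ne 1) {
        # This is the end state Zheng's proof-of-concept reaches: UAC switched off.
        $findings += 'EnableLUA is 0: UAC is disabled entirely; everything an admin runs is already elevated.'
    }
    if ($Policy.ConsentPromptBehaviorAdmin -eq 0) {
        # 0 = elevate without prompting; 5 = prompt only for non-Windows binaries (the Windows 7 default).
        $findings += 'ConsentPromptBehaviorAdmin is 0: administrators are elevated with no prompt at all.'
    }
    if ($Policy.PromptOnSecureDesktop -ne 1) {
        # Prompts on the normal desktop can be interacted with by other user-mode processes.
        $findings += 'PromptOnSecureDesktop is 0: elevation prompts are not isolated on the Secure Desktop.'
    }
    return $findings
}

$policy = Get-UacPolicy
$policy | Format-List
$findings = Test-UacPolicy -Policy $policy
if ($findings.Count -eq 0) {
    'UAC policy: no weak settings found.'
} else {
    $findings | ForEach-Object { "WEAK: $_" }
}
```

Run it from an elevated prompt on the machine being audited; a ConsentPromptBehaviorAdmin value of 5 is the "alert only for third-party programs" default the article describes.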
