UAC security hole?



The following article:

http://blogs.techrepublic.com.com/itdojo/?cat=3

....shows a way of running UAC-restricted programs without a UAC prompt. Basically, you create the restricted program as a task in Task Scheduler, set it to "Run with highest privileges", and then create a shortcut to the task.

From then on you can run the program without the UAC prompt.

Regardless of what you think about UAC, doesn't this sound like a fairly serious security breach? Bearing in mind that Microsoft have made a software tool available for UAC-enabling old applications on a case-by-case basis, it sounds like they didn't realise you could do it much more simply using Task Manager.

I can imagine malware might be able to set up a new task in Task Manager, with the highest privileges, and run hostile code without the user being prompted.

I'm no expert on Vista's security mechanisms, but do you guys think this could be a security hole? Do you expect Microsoft to plug this particular "feature"?

SteveT

.