Re: UAC security hole?




Steve Thackery;847441 Wrote:
The following article:

'IT Dojo | TechRepublic.com'
(http://blogs.techrepublic.com.com/itdojo/?cat=3)

....shows a way of running UAC-restricted programs without a UAC
prompt.
Basically, you create the restricted program as a task in Task
Scheduler,
set it to "Run with highest privileges", and then create a shortcut to
the
task.

From then on you can run the program without the UAC prompt.

Regardless of what you think about UAC, doesn't this sound like a
fairly
serious security breach? Bearing in mind that Microsoft have made a
software tool available for UAC-enabling old applications on a
case-by-case
basis, it sounds like they didn't realise you could do it much more
simply
using Task Manager.

I can imagine malware might be able to set up a new task in Task
Manager,
with the highest privileges, and run hostile code without the user
being
prompted.

I'm no expert on Vista's security mechanisms, but do you guys think
this
could be a security hole? Do you expect Microsoft to plug this
particular
"feature"?

SteveT

Hi Steve,

As the UAC operates on task scheduler anyway I think the hole is
plugged. the method you mention is a way for an admin to provide access
to UAC controled apps to a standard user without providing a password.
you still have to go through the UAC to set it up.

hope this clarifies


--
barman58

Regards,
*Nigel*
the beginning of knowledge is the discovery of something we do not
understand.,- frank herbert
.



Relevant Pages

  • Re: Reference Problems Under Windows 7
    ... it seems to me that anyone who turns off UAC who is running as ... doesn't care about security. ... protection by throwing up a prompt to alert them that something's ... But this is no different than your software firewall asking you if ...
    (comp.databases.ms-access)
  • Re: TweakUAC - feedback?
    ... Even with the prompt enabled it still requires the user to be knowledgeable of the application UAC is prompting about. ... developers will take some time. ... The vast majority of windows software should not even need ...
    (microsoft.public.windows.vista.general)
  • Re: Is MS being pressured to retract the UAC feature from the next
    ... For many it is a false sense of security, because even if the software is malware UAC will still permit it's installation if told to. ... The prompt itself is not really a security barrier. ... If anything it's less intrusive if you run Vista with an administrator account with UAC on. ...
    (microsoft.public.windows.vista.security)
  • Re: UAC changes in Windows 7
    ... A more clever solution for securing the white-list would be to use a prompt (similar to UAC, trusted certificate installation, unsigned driver installation, running downloaded files) whenever a program is appended to this list that would alert the user only once and he/she could be free of unnecessary UAC prompts for the rest of his/her life. ... If the file is updated legitimately the installer would be able to update this hash as well but a malicious software using a security hole may not be able to do that. ... The change we made in Windows 7 default UAC settings is that any operation that is necessary to manage windows will not require an elevation - which in technical terms translates into a white list of trusted action / binaries which the user can make perform without UAC prompting from an elevation. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Vista add-ons
    ... by UAC and still have UAC turned on. ... Even with the prompt enabled it still requires the user to be ... developers will take some time. ... The vast majority of windows software should not even need ...
    (microsoft.public.windows.vista.performance_maintenance)