Huge Security Flaw in Windows 7 UAC
User Access Control in Windows Vista annoyed a lot of people, so Microsoft made a couple of changes to make it “less annoying” by giving users the option of customizing how often it notifies them. UAC has also learned to differentiate between changes made by programs and changes made to Windows settings. Windows distinguishes the two by checking security certificates: any process or application carrying a specific security certificate will not trigger a UAC prompt.
The default settings only notify the user when programs try to make changes to your computer.
The flaw lies in what Windows 7 doesn’t notify about – changes made to Windows settings, which includes UAC itself. Since UAC is a built-in Windows security feature, it must carry that certificate as well, right?
Zheng went on to investigate and created a proof-of-concept script with Rafael (the same guy who released all the Unlock Windows 7 Build 6xxx hacks). He managed to create a script that silently turned UAC off. A more malicious script would be able to go even further and install malicious apps in your startup folder. This works because the UAC process carries one of those security certificates, so you are not prompted when changes are made to it.
Zheng points out a simple fix: make all UAC modifications require a prompt. Unfortunately, Microsoft has claimed that this is not a vulnerability and that the behaviour is “by design.” Looks like Microsoft is telling us we’ll all have to use the highest setting to keep our computers safe…
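Since the only setting that prompts for changes made by signed Windows components is “Always notify,” it is worth being able to check which level a machine is actually on, and to notice when the UAC values are changed behind your back. The script below is an added example, not code from the original post or from Zheng and Rafael. It reads the documented UAC policy values under the `Policies\System` registry key (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `PromptOnSecureDesktop`); the mapping of those values to slider level names and the Windows 7 defaults assumed for missing values are my own summary.

```powershell
# Added example (not from the original post): audit the UAC policy values
# that decide whether a change to Windows settings prompts the user, and
# report drift from a saved baseline.
$script:UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSetting {
    param([string]$Name, [int]$Default)
    # A missing value means the OS default applies. The defaults passed in
    # are the Windows 7 out-of-box values (an assumption for other versions).
    $item = Get-ItemProperty -Path $script:UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-UacPosture {
    $enableLua = Get-UacSetting -Name 'EnableLUA' -Default 1
    $consent   = Get-UacSetting -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secure    = Get-UacSetting -Name 'PromptOnSecureDesktop' -Default 1

    # Level names below are my own mapping to the Windows 7 UAC slider.
    if ($enableLua -eq 0) {
        $level = 'UAC disabled'
    } elseif ($consent -eq 0) {
        $level = 'Never notify (administrators elevate silently)'
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        $level = 'Always notify'
    } elseif ($consent -eq 5) {
        $level = if ($secure -eq 1) { 'Default: notify only when programs try to make changes' }
                 else               { 'Notify only when programs try to make changes (no secure desktop)' }
    } else {
        $level = "Custom (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
    }

    # Only 'Always notify' prompts when a signed Windows component elevates;
    # every other level lets it elevate silently, which is the behaviour
    # the proof-of-concept script relies on.
    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        PromptsForWindowsSettings  = ($enableLua -eq 1 -and $consent -eq 2 -and $secure -eq 1)
    }
}

function Test-UacDrift {
    # Compare the live values against a baseline (hashtable of value name ->
    # expected integer) so that a silent change to UAC shows up as drift.
    param([hashtable]$Baseline)
    $drift = foreach ($name in $Baseline.Keys) {
        $actual = Get-UacSetting -Name $name -Default -1   # -1 marks a missing value
        if ($actual -ne $Baseline[$name]) {
            [pscustomobject]@{ Name = $name; Expected = $Baseline[$name]; Actual = $actual }
        }
    }
    return @($drift)
}

# Usage: reading HKLM needs no elevation, so this runs from a standard prompt.
Get-UacPosture | Format-List

# Baseline for the 'Always notify' level the post recommends.
$alwaysNotify = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
$changes = Test-UacDrift -Baseline $alwaysNotify
if ($changes.Count -eq 0) { 'UAC is at Always notify' } else { $changes | Format-Table -AutoSize }
```

Running `Get-UacPosture` on a default Windows 7 install reports the “notify only when programs try to make changes” level with `PromptsForWindowsSettings` false, which is exactly the condition the post describes. `Test-UacDrift` is meant to be run on a schedule or from a logon script: a script that silently switches UAC off has to write these same values, so any difference from the baseline is worth investigating.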