Soon after identifying a controversial design decision related to the default implementation of UAC in Windows 7, Beta tester Long Zheng identified another issue with UAC in Windows 7 that is of greater concern. In a nutshell, because of the inherent trust that Windows 7 places on internal Microsoft code or code signed by Microsoft, the default setting of UAC in Windows 7 (at least in its current Beta form) allows a malicious application to autonomously elevate themselves to full administrative privileges without UAC prompts or turning UAC off. You can read the full blog post from Zheng to get the nitty gritty details. This flowchart is from Zheng’s blog post and illustrates the logic flow of how UAC processes decisions and how that decision process can be exploited to execute malicious code:
There has also been some debate about the ethics of disclosing these issues publicly. Some have argued that it is irresponsible to share this information publicly while others have defended Zheng and claimed that Microsoft has been unresponsive unless their is public backlash. I definitely think that issues should be shared with the vendor in secret rather than disclosed publicly in order to allow the vendor time to address the issue beore letting the world know how to exploit it. However, I also know that many security researchers are frequently frustrated by the lack of response and some issues remain for months after the vendor has been notified.
Zheng addresses some of the comments related to the first UAC disclosure and his stance on vulnerability disclosure and on Windows 7 in this blog post:
“In Microsoft’s defense, some people have also argued UAC is not a “security boundary”, a vague term in my books. I argue because UAC is designed to enforce privileges (processes cannot jump to any privilege they want) and control privileges (prompts for privilege changes) it is a security feature. If a security feature can be maliciously and silently bypassed or turned off, I would consider that a security flaw.
Finally, to clarify my perspective on the whole issue, Windows 7 is a great operating system and these UAC issues are just two particular cases in a very small list of notable issues. I disagree with how Microsoft had handled the original issue but I’m sure with the wider public feedback it received we will end up with a more secure operating system as a result. In no part am I trying to “derail” Windows 7’s success run, but ensuring the default security policy is adequately safe for current and future users.”