• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control

February 4, 2009

Views: 6,789

[ad]

It seems like Windows 7 is already creating some controversy even though it’s still in BETA. Just like Vista it also has UAC (User Access Control) which a lot of people disable completely because they find it irritating (myself included).

When that happens, the boundary between security and usability has crossed too far and the control becomes useless because people just remove it.

Thankfully in Windows 7 they have made it more configurable with 4 levels to choose from which offer various levels of protection vs usability (level 4 is the same as Vista and it comes default at level 3).

The controversy is with a VBScript run in user-mode the UAC can be disabled (set to level 1) without any kind of prompt happening.

A controversy erupted last week with the revelation by a researcher that it is possible for a user-mode program in Windows 7 to disable User Access Control in the default configuration. My first reaction to this was that it was bad, but it’s a beta and it will be fixed. Now I’m getting the vibe from Microsoft that it won’t be fixed and I can see their argument. It still leaves me uncomfortable though.

For those of you unfamiliar with the specific problem, in Windows 7 the default behavior of UAC was changed so that the user is not prompted for access to Windows programs, such as control panel applets, as they are in Vista. UAC also no longer uses the “secure desktop” mode for confirmation by default.

And a new control panel is provided to let the user choose the behavior of UAC in Windows 7. There is a slider control with 4 levels: level 4 is the same as Vista, with all the same prompting for system-level changes and secure desktop; level 3, the default, is the same as level 4, but doesn’t prompt for changes in Windows settings, like the control panel; level 2 is the same as level 3, but does not use the secure desktop; and level 1 shuts off UAC; no prompting at all. The secure desktop is a special mode in which you can only interact with the UAC prompt, and no other software.

It’s not really a vulnerability in the traditional sense of the word as it’s a design choice by Microsoft and only occurs under a certain set of circumstances. For example the user must be running as Administrator for a program to be able to disable UAC without prompting.

So if the machine is set up properly and day to day usage is logged in under a non-privileged account this won’t be an issue anyhow. The problem I see is, how often does that really happen?

Everyone just uses the Administrator account, so this could be a real problem.

The proof of concept showed a user-mode program which spoofed keystrokes and mouse movements to change the setting from the default down to level 1.

What bothered me was that this was user-mode code. It seemed to me that it sort-of violated at least the spirit of UAC by indirectly elevating privilege through an external program, which level 3 is supposed to prompt. The author of the attack proposed what seemed a sensible solution: force a prompt, one that requires secure desktop, for that one case. The heart of the argument for making this a special case is that users would expect from level 3 that it would protect them from elevation changes from external programs.

There was a lot of hyperbole about this issue. There are many legitimate arguments that this isn’t so bad a problem, and in fact not surprising at all. Some of them are made in Roger’s Security Blog, who closes with the point that a lot of the criticism is hypocritical, amounting to calls for more rigid prompting from people who complained about it in Vista..

The more I’ve thought about it, the more I think Microsoft is right not to make a change here. Here are the major arguments for this position.

The fact still remains, for this to be an issue – the user has to run a piece of untrusted code (even if it’s ‘just’ a VBScript) and once that has happened you can assume the machine is compromised anyway.

I’d imagine the script to carry out the actions will soon enough be flagged by Anti-virus software rendering it a little less of a threat.

Either way I’ll be paying close attention to the insecurity security of Windows 7 – I hope you will too.

Source: eWeek

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Exploits/Vulnerabilities, Windows Hacking Tagged With: hacking-windows, windows, windows 7, windows 7 security, windows-security



Reader Interactions

Comments

  1. cbrp1r8 says

    February 5, 2009 at 3:06 pm

    I’ll stick w/ Linux. :D

  2. Morgan Storey says

    February 6, 2009 at 2:56 am

    @Darknet: Your comments section is broke. I wrote a really long reply but it came up with a javascript error/possible spammer, as it does occasionally. Let me know when it is fixed and I will contribute then :(

    Sorry, there was an error. Please enable JavaScript and Cookies in your browser and try again.

    Status:

    * JavaScript is enabled.
    * PHP detects that cookies appear to be enabled.

    This message was generated by WP-SpamFree.

    If you feel you have received this message in error (for example if both statuses above indicate that JavaScript and Cookies are in fact enabled and you have tried to post several times), please alert the author of this blog, and let them know they need to view the Technical Support information.

  3. Darknet says

    February 6, 2009 at 8:09 am

    It’s not broke and it’s either this or a captcha. Just copy your comment to the clipboard before you submit like most normal people do :)

  4. Morgan Storey says

    February 6, 2009 at 11:52 am

    I usually do put it on the clipboard, then sometimes even into a document, I once had about 7 posts sitting in my Darknet document. This is not how many other sites work.
    A captcha would be better, or logins, most people hit submit and simply expect it to actually submit what they have typed not have to backup their post.

  5. navin says

    February 6, 2009 at 12:37 pm

    ++1 :)
    Darknet must’ve gotten used to our “Akismet is broke” or “The Woprdpress antispam plugin is broke” comments!! ;)

  6. Bogwitch says

    February 6, 2009 at 7:27 pm

    Oh, for Pete’s sake, not logins. Captch’s are not that much nicer, imo. Darknet, if you’re going to use captcha, at least use re-captcha so I feel as though I’m doing something useful.

    @Morgan, it is a pain, but ^a^c is not too hard a price to pay to keep the spam out of here, is it? It seems to be working….

  7. Morgan Storey says

    February 6, 2009 at 11:53 pm

    @Bogwitch: it isn’t that hard but as I don’t have to do it anywhere else I post I forget to do it here, eventually that lapse costs me.
    I agree captcha’s would be nicer and recaptcha is easy and giving something back, and iirc it is free.
    Maybe if the page where so full of javascript we could successfully press back and re-submit our comments but we can’t

    For a site that enjoys user comments I would be of the opinion that any that are lost could be disastrous as it could cause a new user to simply not visit the site anymore.

  8. Darknet says

    February 7, 2009 at 7:35 am

    Ok I’ll turn off WP-Spamfree for the moment, if it makes too much work for me though I’ll put reCaptcha in.

  9. Bogwitch says

    February 14, 2009 at 11:54 am

    Darknet, please turn it back on!!!!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 298

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 591

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 556

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 594

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 451

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 676

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,297,573)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,103)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,638)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,521)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,170)
  • Hack Tools/Exploits (673,298)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,183)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy