Microsoft confirm, UAC security flaw in Windows 7

By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are […]

By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.

To demonstrate how easy it is to automate the disabling of UAC, Rafael wrote a VBScript. An obvious fix for this “issue” would be to force the adjustment of UAC parameters to be confirmed by a human. Until Microsoft addresses this “issue”, you can set UAC to its highest mode to kill any concerns you may have.

Source:→ Long Zheng