Microsoft Security Essentials lists Windows 7 UAC hack as malware

Leo Davidson released a proof-of-concept showcasing Windows 7 User Account Control feature flaw elevating a command prompt window using the whitelisted explorer.exe process. As of now, Microsoft has failed to fix the flaw, but they’re taking it a step further by blocking the exploit in Microsoft Security Essentials, as HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture).  However, Leo noted that […]
Leo Davidson released a proof-of-concept showcasing Windows 7 User Account Control feature flaw elevating a command prompt window using the whitelisted explorer.exe process. As of now, Microsoft has failed to fix the flaw, but they’re taking it a step further by blocking the exploit in Microsoft Security Essentials, as HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture).  However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.