Windows 7: Every process has access to free, silent elevation! Proof of concept video


19 Feb 2009   #1

7600 x86
 
 
Every process has access to free, silent elevation! Proof of concept video

Oh boy. This guy shows that because of the way the new UAC whitelist works, it is possible to run any command with elevation and not raise a single UAC prompt!

This first video gives some info about how the UAC whitelist works:

Win7Elevate v2 proof-of-concept: Video demonstration of Win 7 Beta UAC flaws and design

And this second video shows his injector program silently wiping the contents of system32 and utterly destroying the (virtual) OS:

Win7Elevate v2 proof-of-concept: A more dramatic video

The conclusion? UAC prompts only provide the illusion of security.

I sure hope this gets fixed before the official release.


19 Feb 2009   #2

XP/win7 x86 build 7127
 
 

nice read garbanzo. Since I am admin, I run high all the time. Nevertheless, if this isn't fixed, a lot of users will install this, and run their own accounts as admin and won't think to either change account type or raise UAC elevation....... scary as hell
19 Feb 2009   #3

Vista Ult64, Win7600
 
 

Hi, thanks for the read, I sure hope they fix it fast. At this stage I don't know if I should be just scared of UAC, or terrified of it.


19 Feb 2009   #4

7600 x86
 
 

the scary part about this is not that stupid users can misuse it, it's that it can be used maliciously! even with UAC on, malicious code can use the methods this guy is using to basically take control of a user's system without them knowing about it.

at first the UAC whitelist just pissed me off because it is anti-competitive, since only windows processes can be whitelisted. now, it's clear that it represents a very serious security threat. these videos have been online for about 3 weeks now, i'm surprised i've not heard about this.

am i overreacting? is this not as bad as it seems?
19 Feb 2009   #5

XP/win7 x86 build 7127
 
 

Quote: Originally Posted by garbanzo

am i overreacting? is this not as bad as it seems?
We are in the same boat here. This is quite unbelievably unbelievable. How about a blacklist type option.... I mean calc and notepad? seriously!
19 Feb 2009   #6

windows 7 X64
 
 

since viruses have to make it on the computer in the first place to do damage, wouldn't a program like that have to make it on the computer to deal the deathblow..?

seems like it's nothing a good virus scan and smart computing can't take care of
19 Feb 2009   #7

Windows 7 Ultimate x64 SP1
 
 

You're forgetting about drive-by downloads and the like.

Quote:
In April 2007 researchers at Google discovered hundreds of thousands of web pages performing drive-by downloads.
Drive-by download - Wikipedia, the free encyclopedia
19 Feb 2009   #8

windows 7 X64
 
 

Quote: Originally Posted by Airbot
You're forgetting about drive-by downloads and the like.

Drive-by download - Wikipedia, the free encyclopedia
don't most good virus scans prevent those as well... Kaspersky or whatever seems to block a lot of ads and webpages that come up as shady..
19 Feb 2009   #9

Windows 7 Ultimate x64 SP1
 
 

True, but a lot of people don't run AV's and the UAC will provide some protection against DBD's. And having both is better than just one, AV's can miss things, especially when new kinds/types of malware are made and spread about all over the place every day. Zero Day threats that most AV's haven't had the chance to catch up with their malware definitions fast enough.