Windows 7: Windows 7 UAC Feature Still Vulnerable

17 Jun 2009   #1

win 7 build 7600.16385 x64
Windows 7 UAC Feature Still Vulnerable

The Microsoft blogger who first called attention to a security vulnerability in Windows 7's User Account Control (UAC) feature claims it still exists and that Microsoft won't fix it, even as the company nears final code completion on the OS.

Long Zheng, who writes the popular "I Started Something" blog, has posted a video online showing how UAC, a security feature first introduced in Windows Vista that sets user privileges on a PC in Windows 7, can be exploited.

Zheng also pointed to an instructional document by Microsoft Technical Fellow Mark Russinovich that attempts to explain UAC, saying it clearly states that Microsoft has no intention of fixing a change it made in the UAC in Windows 7 that leaves the new OS less secure because it allows someone to remotely turn the feature off without the user knowing.

Zheng first pointed out this change and its vulnerability back in February. At the time he said that the new UAC "standard user" default setting, which does not notify a user when changes are made to Windows settings, is where the security risk lies. A change to UAC is seen as a change to a Windows setting, so a user will not be notified if UAC is disabled, which Zheng said he was able to do remotely with some keyboard shortcuts and code.
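An added example, not part of the thread or of the linked article: a read-only PowerShell check that reports which UAC level a machine is at and whether a change to a Windows setting (the UAC setting included) raises a prompt for an administrator. The registry value names are the standard UAC policy values; the function name `Get-UacAssessment` and the sample rows are constructed for this example.

```powershell
# Added example (not from the thread). UAC policy values live under this key.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacAssessment {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) {
        $level = 'UAC disabled'
    } else {
        switch ($ConsentPromptBehaviorAdmin) {
            0       { $level = 'Never notify (silent elevation)' }
            2       { $level = 'Always notify' }
            5       { $level = 'Default: notify only when programs make changes' }
            default { $level = "Custom policy value $ConsentPromptBehaviorAdmin" }
        }
    }
    # Values 1-4 prompt on every elevation, Windows components included.
    # Value 5 lets Windows' own settings tools elevate without a prompt,
    # which is the behaviour the article is about.
    $prompts = ($EnableLUA -ne 0) -and (1..4 -contains $ConsentPromptBehaviorAdmin)

    New-Object PSObject -Property @{
        Level                  = $level
        SecureDesktop          = [bool]$PromptOnSecureDesktop
        PromptsOnSettingChange = $prompts
    }
}

# Constructed sample inputs: Windows 7 default, Always notify, UAC off.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
)
foreach ($s in $samples) { Get-UacAssessment @s }

# The live machine (read-only; run on Windows).
$p = Get-ItemProperty -Path $UacKey
Get-UacAssessment -EnableLUA $p.EnableLUA `
    -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
    -PromptOnSecureDesktop $p.PromptOnSecureDesktop
```

Of the three sample rows, only the "Always notify" one reports `PromptsOnSettingChange` as true; the default row is the configuration the article describes.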
18 Jun 2009   #2

windows 8.1 Pro x64

Basically, I am guessing that if they made the change he wants, then when toggling the setting you would get a UAC prompt; a small price to pay to fix the exploit, I guess.
18 Jun 2009   #3
xan K

Windows 7 x64

So... is it safe or not?

18 Jun 2009   #4

Windows 7 Professional x64

I disable it myself anyway.
18 Jun 2009   #5
xan K

Windows 7 x64

I wouldn't like that approach, but if it's not working as it should, then why keep it on? Pity, now when I got pretty much used to it.
18 Jun 2009   #6

Windows 7 (x64)

Please keep in mind, this is a Bootkit exploit: Someone has to physically sit down at your computer and use corrupted media to boot the system. It cannot be downloaded, emailed as an attachment, clickstreamed, hidden in a file for later execution, or any of the other ways people try to hack into your computer.

Also - Keep in mind this is the same way into a computer that technicians use to wipe a forgotten password.

Quite frankly, I'm having a hard time understanding why people appear to have so much sand in their vaginas over this. If Someone Has Physical Access To Your Computer, Then What's Preventing Them From Simply Stealing The Hard Drive? Or Stealing The Whole Thing Outright?
18 Jun 2009   #7


Looks like some of us will need to go back to using an Antivirus program full-time once again.

I'm guessing the decision not to fix UAC is a direct result of people like myself who have very good experience using computers who do not use an Antivirus. I can identify trojans and viruses before they are executed and have been able to run without an Antivirus for two years now without a single infection while downloading at least 80 GB of data a month (at least I do). I've tested my system each time a new AV product version has been released and have not found one infection in two years, and I can thank UAC for giving Power Users the ability to dump their AV permanently like myself and others have.

Why change a perfectly good security model just for (noobs!) one that completely defeats the purpose of putting it into the system in the first place? It's not like users can't find and change UAC settings. If it's not fixed then it should just be removed because no one will continue using it, especially if it doesn't offer the security it once did and what people have come to expect.

Microsoft seriously needs to prevent any automated tampering of UAC controls by applications, otherwise it's not worth anyone ever using, and as it stands right now, UAC is dead weight and offers users nothing for the annoyance it causes. I will disable it on all machines I build and sell in the future and advise customers it offers them zero protection.
18 Jun 2009   #8

Windows 7 Ultimate x32

UAC is useless? HA! I knew that when I first used Vista. I thought to myself, "you gotta be f%*kin' kiddin' me." Now it serves as nothing more than a placebo. I think if you have a firewall, a decent AV, and anti-spyware, you'll be fine. UAC is just another annoying "feature" MS throws in there, to herd sheepish consumers (no offense folks).

XP didn't have it, and I've only gotten a few viruses, but that was due to my own stupidity. Most of which were I said... my bad
18 Jun 2009   #9

Windows 7 Professional, Windows Longhorn 4074

I think that UAC was created to prevent unauthorized changes to your computer. If someone can turn it off without being authorized to do so, then that's just plain ironic, as well as useless.

For years, Windows has been the choice of computer companies around the world. Since the 90's, UAC didn't exist, and people didn't have many problems. I think UAC is overrated, but it can be handy when you go to one of those websites that you just can't trust.
18 Jun 2009   #10

Windows 7 Build 7229 64bit + Vista ultimate 64 bit

UAC is a royal pain, it simply gets in the way. At least the screen does not flicker away as it did in Vista ....
