Every process has access to free, silent elevation! Proof of concept video
Oh boy. This guy shows that becuase of the way the new UAC whitelist works, it is possible to run any command with elevation and not raise a single UAC prompt!
This first video gives some info about how the UAC whitelist works:
Win7Elevate v2 proof-of-concept: Video demonstration of Win 7 Beta UAC flaws and design
And this second video shows his injector program silently wiping the contents of system32 and utterly destroying the (virtual) OS:
Win7Elevate v2 proof-of-concept: A more dramatic video
The conclusion? UAC prompts only provide the illusion of security.
I sure hope this gets fixed before the offical release
Oh boy. This guy shows that becuase of the way the new UAC whitelist works, it is possible to run any command with elevation and not raise a single UAC prompt!
This first video gives some info about how the UAC whitelist works:
Win7Elevate v2 proof-of-concept: Video demonstration of Win 7 Beta UAC flaws and design
And this second video shows his injector program silently wiping the contents of system32 and utterly destroying the (virtual) OS:
Win7Elevate v2 proof-of-concept: A more dramatic video
The conclusion? UAC prompts only provide the illusion of security.
I sure hope this gets fixed before the offical release
My Computer
At a glance
7600 x86Core 2 Duo e7200, 2.53 ghz2x DDR2 PC5300 1gb, 667 mhzGeForce 9500gt, 512mb
- OS
- 7600 x86
- CPU
- Core 2 Duo e7200, 2.53 ghz
- Motherboard
- Micro-Star MS-7529
- Memory
- 2x DDR2 PC5300 1gb, 667 mhz
- Graphics Card(s)
- GeForce 9500gt, 512mb
- Monitor(s) Displays
- 22" LG Flatron w2234s
- Screen Resolution
- 1680x1050
- Hard Drives
- Excelstor SATA-II 250gb 7200rpm, 8mb cache
- PSU
- CoolerMaster M520
- Internet Speed
- 30/20 mbits