Comments on: Windows 7 auto-elevation mistake lets malware elevate freely, easily

By: Second Exploit Surfaces for Windows 7 UAC | M5Forum Technology Daily

Second Exploit Surfaces for Windows 7 UAC | M5Forum Technology Daily — Wed, 03 Mar 2010 22:38:18 +0000

[...] rundll32 is used to load a library and call a specific function with parameters, malware could then exploit this by using a proxy application to: invoke rundll32.exe, with the payload library as a parameter [...]

By: ы

Sun, 17 Jan 2010 09:33:51 +0000

so why auto-elevating control panel applets? imho this is unnecessary.
I think I can stand pressing the “Ok” button in elevation window once or twice a week.

By: Windows 7 UAC whitelist: Code-injection Issue (and more) « Jasper Blog

Windows 7 UAC whitelist: Code-injection Issue (and more) « Jasper Blog — Tue, 05 Jan 2010 14:34:21 +0000

[...] Rafael’s Within Windows: Windows 7 auto-elevation mistakes lets malware elevate freely, easily [...]

By: Airport Parking Sydney

Airport Parking Sydney — Tue, 08 Dec 2009 23:25:34 +0000

Ms has made another careless mistake and running rundll32 again &&& not learning from vista is beyond me.

By: Pearl Tech » Blog Archive

Pearl Tech » Blog Archive — Mon, 27 Jul 2009 15:55:28 +0000

[...] in the week, independent researchers Rafael Rivera and Long Zheng described an exploit that could turn off the UAC prompt, which typically notifies [...]

By: Why upgrade to Vista when Windows 7 will be here soon? | OS Attack

Why upgrade to Vista when Windows 7 will be here soon? | OS Attack — Thu, 28 May 2009 14:43:23 +0000

[...] change with UAC in Windows 7 that essentially makes it less secure than Windows Vista. Rafael of Within Windows then posted about applications that have been White Listed and are automatically elevated to the [...]

By: бaкинeц

бaкинeц — Mon, 18 May 2009 12:55:43 +0000

Глубокоуважаемые, а нельзя оставлять комментарии по теме, а не разную глупость типа Автор молодец и т.д.

By: Tutto quello che c’è da sapere su Windows 7 « Guiodic Blog

Tutto quello che c’è da sapere su Windows 7 « Guiodic Blog — Mon, 11 May 2009 10:02:23 +0000

[...] In realtà non c’è bisogno che il programma venga direttamente infettato. E’ possibile realizzare semplicemente un malware che esegue uno di questi programmi e assume i privilegi di amministratore [...]

By: Software Source Update » Blog Archive » Windows 7 silently elevates malware access

Sun, 10 May 2009 02:29:03 +0000

[...] Rafael Rivera Jr. has released proof-of-concept code that demonstrates how unauthorized third-party software can elevate its privileges and install [...]

By: George

George — Wed, 11 Mar 2009 06:07:46 +0000

This is one of the strangest proof of concept flaws I’ve ever seen. I totally understand how injecting a dll into a white listed app could exploit this. Would it not be better for the functions requiring admin privilledges to check if the invoker is white listed and if not, then prompt? That seems like an easier option.

By: List of Windows 7 (beta build 7000) auto-elevated binaries - 【windows7 Home】

List of Windows 7 (beta build 7000) auto-elevated binaries - 【windows7 Home】 — Fri, 06 Mar 2009 12:40:40 +0000

[...] my last post regarding Windows 7’s new “auto-elevate” flag (and potential issues with such a system), I mentioned compiling a list of all the flagged [...]

By: blogger » Blog Archive » Microsoft changes Windows 7 UAC due to new exploit code

Wed, 25 Feb 2009 23:42:47 +0000

[...] will … automatically elevate the process to High Mandatory Level, executing your payload wearing an administrative hat," Rivera said in a post to his blog early this [...]

By: Second Windows 7 beta UAC security flaw: malware can silently self-elevate with default UAC policy | Window7s

Fri, 20 Feb 2009 20:48:39 +0000

[...] Without going into too much detail, as you already may know from the previous postings, Windows 7 has the ability automatically elevates Microsoft-signed applications and code which specifies “auto elevation” to mitigate the number of UAC prompts. Rafael Rivera has more details how this works. [...]

By: Second Windows 7 beta UAC security flaw: malware can silently self-elevate with default UAC policy « Window7s

Fri, 20 Feb 2009 19:23:11 +0000

By: Mac OS X Dialog Box Spoofing—Believe Me, I’m System Preferences

Mac OS X Dialog Box Spoofing—Believe Me, I’m System Preferences — Tue, 10 Feb 2009 17:33:23 +0000

[...] While analyzing the recent OSX.Iservice.B threat I noticed some interesting API calls that were dealing directly with the Mac OS X authorization mechanism. There are plenty of interesting analyses and discussion about Windows UAC, both regarding Vista (Ollie’s post) or the recent Windows 7 UAC. [...]

By: Microsoft responds to UAC criticism in Windows 7 and fixes design flaws | IT Knowledge Hub

Mon, 09 Feb 2009 15:28:27 +0000

[...] in Windows 7 RC, you will always be prompted when the UAC level is changed to prevent any malicious scripts from silently changing your UAC level and taking over your computer. For everybody using Windows 7 [...]

By: Microsoft responds to UAC criticism in Windows 7 and fixes design flaws | Windows 7 Center

Sun, 08 Feb 2009 18:12:01 +0000

By: 4sysops - Windows 7 UAC vulnerabilities

4sysops - Windows 7 UAC vulnerabilities — Fri, 06 Feb 2009 23:15:25 +0000

[...] Rafael Rivera again wrote a proof-of-concept. He uses a proxy application, which he called Catapult.exe, that launches Cake.dll. With the default UAC setting, Windows will run Cake.dll with admin privileges without issuing a prompt. You can verify that if you set the UAC setting to “Always notify me”. If you start Catapult.exe with this configuration, you will get a UAC prompt. [...]

By: Il web cambia la decisione di Microsoft sull’UAC di Windows 7 | Windows 7 Blog

Fri, 06 Feb 2009 22:52:00 +0000

[...] sul lavoro di Rafael Rivera Long Zheng ha dimostrato che la combinazione di elevation automatica di software [...]

By: Latest Second Windows 7 beta UAC security flaw: malware can silently self-elevate with default UAC policy | Gadget on Gatzet Info

Fri, 06 Feb 2009 05:54:49 +0000

By: Xtreem0

Xtreem0 — Thu, 05 Feb 2009 23:57:58 +0000

http://blogs.zdnet.com/microsoft/?p=1914 there is an update where apparently they say they have fixed it. Mined you we may not see the fix untill final releace

By: UAC in Windows 7 is like a screen door on a submarine | OS Attack

UAC in Windows 7 is like a screen door on a submarine | OS Attack — Thu, 05 Feb 2009 20:00:45 +0000

[...] posting their original findings Rafael Ravera has posted a follow up on his site showing how malware could use rundll32.exe or any other [...]

By: Boycott Novell » Turkey, France, United Stated Under Attack by Microsoft Windows Insecurities

Thu, 05 Feb 2009 17:40:30 +0000

[...] status (beta) that wrongly indicates maturity, the operating system is not secure and it keeps looking worse as people study it more closely. As you probably know by now, Windows 7 introduces some new in-between modes for User Account [...]

By: » Microsoft: UAC security setting not changing (for now) | All about Microsoft | ZDNet.com

Thu, 05 Feb 2009 15:48:45 +0000

[...] the entire UAC security-setting controversy, I’ll just point to a few posts about it from Within Windows, Istartedsomething, and yours truly. [...]

By: Nicky

Nicky — Thu, 05 Feb 2009 13:21:01 +0000

Although I’m currently at work and havent yet tried hack created by the author, I will try it when I get home and post my results.