Short: Windows 7 (beta build 7022) white list loses one

committed to database on February 13, 2009 at 2:07 am Eastern Standard Time

Last week, I published a list of auto-elevate flagged binaries shipped with the Windows 7 beta. Analysis of the recently leaked build (7022) indicates Microsoft unset this flag on wmpconfig.exe, for whatever reason. One down, over a hundred to go.

  1. Tommo February 13, 2009 at 6:51 am

    hehehe. yay.

  2. Tom February 13, 2009 at 10:24 pm

    Good deal.

  3. werejag February 14, 2009 at 1:01 am

    why just that single exe

  4. Tommo February 15, 2009 at 12:08 pm

    @werejag Excellent question, dear boy!

    Soooooooooooo, Rafael? Anyone? … Microsoft?

  5. Rafael February 15, 2009 at 12:09 pm

    If I knew guys, I would’ve posted it! :)

  6. Dan February 16, 2009 at 12:24 pm

    wmpconfig is a helper app for WMP used to execute administrator commands. It sounds like the ideal candidate for auto-elevation.

    However it looks like it’s only used to manipulate the network sharing service for WMP, and the DVD parental control level. Such things wouldn’t need to be done frequently so auto-elevation wouldn’t be necessary…

    http://msdn.microsoft.com/en-us/library/bb262178(VS.85).aspx

  7. werejag February 17, 2009 at 11:54 am

    so they really didn’t do something because of Rafael’s find

  8. Leo Davidson February 18, 2009 at 5:07 am

    werejag:

    It’s hard to say at this point. Build 7022 is the latest build to have leaked to the public but it’s still an old build which pre-dates Rafael’s Rundll32 (etc.) discovery.

    Microsoft are not making it easy for others to check/verify what they are doing to improve upon the UAC issues. Rather than let us help them make something that’s (more) secure, it feels like they want to ignore/dismiss the issues as much as possible and just go with what they’ve got, with a few band-aids over the axe wound more for PR purposes than anything else.

    They still have not bothered to even ask me for the full details of my code-injection exploit, despite my offer.

    Sadly, it seems the PR band-aids are working so far on most people. My code-injection exploit hit The Register last Friday and straight away was met with people saying MS had already fixed it in the comments, ignorant of the fact it was a different issue which MS had said nothing about and of the fact that nobody has been able to validate exactly what MS have changed or fixed.

    I imagine people’s attitudes will change if the first release candidate comes out and there are still big holes in UAC. It’s surely in Microsoft’s interests to work with us now and avoid the bad PR of them saying they’d fix something but turning out not to have done so (in any meaningful way). Unless they’re just going to put their heads in the sand and try to dismiss the whole thing with illogical/contradictory arguments. (e.g. “Local process elevation isn’t important, but UAC prompts are still needed for third-party code, even though we’re happy to allow them to be bypassed by malicious code.”)

  9. Kevin Nguyen February 27, 2009 at 10:16 pm

    Leo, it seems this issue is getting quieter every day.

    Has MS responded in any way to the issues?

  10. Мурат October 18, 2009 at 4:43 am

    In cases like this, people say: “Oh dear, oh dear, but there’s nothing to help with.” :)