13
Feb 2009
10 Comments
Short: Windows 7 (beta build 7022) white list loses one

Last week, I published a list of auto-elevate flagged binaries shipped with the Windows 7 beta. Analysis of the recently leaked build (7022) indicates Microsoft unset this flag on wmpconfig.exe, for whatever reason. One down, over a hundred to go.

  • http://tom.is-a-geek.org Tommo

    hehehe. yay.

  • http://tomschaefer.org Tom

    Good deal.

  • werejag

    why just that single exe

  • http://tom.is-a-geek.org Tommo

    @werejag Excelent question, dear boy!

    Soooooooooooo, Rafael? Anyone? … Microsoft?

  • Rafael

    If I knew guys, I would’ve posted it! :)

  • Dan

    wmpconfig is a helper app for WMP used to execute administrator commands. It sounds like the ideal candidate for auto-elevation.

    However it looks like it’s only used to manipulate the network sharing service for WMP, and the DVD parental control level. Such things wouldn’t need to be done frequently so auto-elevation wouldn’t be necessary…

    http://msdn.microsoft.com/en-us/library/bb262178(VS.85).aspx

  • werejag

    so they really didnt do something becuase of rafeal’s find

  • http://www.pretentiousname.com Leo Davidson

    werejag:

    It’s hard to say at this point. Build 7022 is the latest built to have leaked to the public but it’s still an old build which pre-dates Rafael’s Rundll32 (etc.) discovery.

    Microsoft are not making it easy for others to check/verify what they are doing to improve upon the UAC issues. Rather than let us help them make something that’s (more) secure, it feels like they want to ignore/dismiss the issues as much as possible and just go with what they’ve got, with a few band-aids over the axe wound more for PR purposes than anything else.

    They still have not bothered to even ask me for the full details of my code-injection exploit, despite my offer.

    Sadly, it seems the PR band-aids are working so far on most people. My code-injection exploit hit The Register last Friday and straight away was met with people saying MS had already fixed it in the comments, ignorant of the fact it was a different issue which MS had said nothing about and of the fact that nobody has been able to validate exactly what MS have changed or fixed.

    I imagine people’s attitudes will change if the first release candidate comes out and there are still big holes in UAC. It’s surely in Microsoft’s interests to work with us now and avoid the bad PR of them saying they’d fix something but turning out not to have done so (in any meaningful way). Unless they’re just going to put their heads in the sand and try to dismiss the whole thing with illogical/contradictory arguments. (e.g. “Local process elevation isn’t important, but UAC prompts are still needed for third-party code, even though we’re happy to allow them to be bypassed by malicious code.”)

  • Kevin Nguyen

    Leo, it seems this issues is getting quieter every day.

    Has MS responded in anyway to the issues?

  • http://bolpochec.ru Мурат

    Народ в подобных случаях так говорит – Ах, ах, а пособить нечем. :)