Comments on: Short: Windows 7 Release Candidate auto-elevate white list

By: Due video che mostrano l’insicurezza di Windows 7 « Guiodic Blog

Due video che mostrano l’insicurezza di Windows 7 « Guiodic Blog — Wed, 31 Dec 1969 18:00:00 +0000

[...] riportavo anche il problema dell’elevazione automatica dei privilegi. In sostanza alcuni eseguibili del sistema sono inseriti in una white list. Se si fa parte di questa lista, il sistema di [...]

By: Tutto quello che c’è da sapere su Windows 7 « Guiodic Blog

Tutto quello che c’è da sapere su Windows 7 « Guiodic Blog — Wed, 31 Dec 1969 18:00:00 +0000

[...] al fine di ridurre le richieste di autorizzazione (il famoso UAC di Windows Vista) alcuni programmi di sistema (task manager, controllo volume, Pannello di controllo e diversi altri) avranno la possibilità di [...]

By: Zorkzero

Zorkzero — Wed, 31 Dec 1969 18:00:00 +0000

There’s an open source application for WIndows XP and Vista called Surun http://kay-bruns.de/wp/software/surun/ , that solves the problem, that UAC was designed to solve. It allows you to run as normal user and to easily run programs with elevated rights and you don’t need to type any password. It also allows you to easily administer your machine.

What do you think? Why can’t MS do what a single open source developer has done?

By: AlphaAlien

AlphaAlien — Wed, 31 Dec 1969 18:00:00 +0000

I like how msconfig is also there allowing 3rd party software to tweak any setting for startup, system services auto-run, and even disable uac entirely without UAC elevation.

Is it really that hard to implement a sudo style jail that can figure out basic user intent? If I open a dialog and decide to edit preferences in it prompt me and then don’t prompt me for that application again for a set period of time. Prompts are good, but crying wolf for every little detail is just as bad as allowing backdoors because your program managers are lazy.

By: At least 62 gaping security holes in Windows 7 Release Candidate « Reformed Musings

Wed, 31 Dec 1969 18:00:00 +0000

[...] 7’s User Account Control (UAC) can be bypassed. The situation is even worse than that. Rafael’s Within Windows documents 62 executables in Windows 7 that can autoelevate their security clearance by way of a Microsoft-generated white list without [...]

By: sirus

sirus — Wed, 31 Dec 1969 18:00:00 +0000

@ Leo
You have indeed risen a problem, I thought Microsoft guys have already taken care of that problem.

By: Leo Davidson

Leo Davidson — Wed, 31 Dec 1969 18:00:00 +0000

@Vitaliy:

The injection stuff only works if you’re running in admin-approval mode. If you’re doing over-the-shoulder elevation then nothing can silently created elevated “blessed” MS COM objects, not even Microsoft’s “blessed” executables like Explorer.exe, MSPaint.exe, Calc.exe, etc. Nothing can silently elevate at all. Same as if you turn UAC up to the always-prompt level, which gets you back to what was the default in Vista.

Switching to standard user accounts and over-the-shoulder elevation cannot be what Microsoft seriously expect people to do, though.

By adding silent elevation methods for their own code MS are acknowledging that Vista’s admin-approval UAC prompts were too annoying for too many users. (IMO, most of that annoyance was really due to the way Explorer etc. trigger far too many prompts, not the prompts themselves, but MS have chosen to give themselves a dodgy backdoor rather than refactor their code like everyone else is expected to, which is pathetic.)

Over-the-shoulder elevation is even more annoying than admin-approval mode, since you have to keep typing passwords instead of simply clicking buttons, so it’s hard to imagine MS seriously expect people to switch to that.

By: Vitaliy

Vitaliy — Wed, 31 Dec 1969 18:00:00 +0000

By default user is in Administrators and HomeUsers groups. Does this injection still works if I remove user from Administrators group and add him to Users group (I will use local Admin. accaount for admin. tasks)? After this change UAC asks me Administrator password every time it needs to elevate. And nothing seems broken.

By: hp7

hp7 — Wed, 31 Dec 1969 18:00:00 +0000

I noticed that \Windows\System32\sdbinst.exe is still on the list, and that was one of those that the list for build 7000 marked as “interesting from an elevate my own code standpoint”.

By: Windows 7 Has 62 Uplifting EXEs | The Minority Report

Windows 7 Has 62 Uplifting EXEs | The Minority Report — Wed, 31 Dec 1969 18:00:00 +0000

[...] I found this list from Rafael on which EXE’s in Windows 7 will be able to auto-elevate without actually prompting the user. Click after the jump for the actual list. Back in February, I posted a list of applications that have the authority to automatically elevate without prompt in Windows 7. This list has been shortening over the months, with the Release Candidate build featuring the shortest list of now only 62 entries. Short: Windows 7 Release Candidate auto-elevate white list – Within Windows [...]

By: Leo Davidson

Leo Davidson — Wed, 31 Dec 1969 18:00:00 +0000

I checked in the RC and my code injection thing ( http://www.pretentiousname.com/misc/win7_uac_whitelist2.html ) still works so anything that wants to silently elevate under the default Win7 UAC settings still can.