Windows 7 UAC whitelist: code-injection vulnerability (and more)

And when I thought the RC for Windows 7 was going to be a hit, it turns out that, when running under an administrative account, most of the original Windows 7 .exe files auto-elevate their rights by default, without asking the user for permission. Given that many people are accustomed to running on administrative accounts, this poses a security hole.

More: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
