2 stage hack on UAC

Discussion in 'Security' started by VistaRocks, May 20, 2007.

  1. VistaRocks

    VistaRocks

    Joined:
    Jan 1, 2007
    Messages:
    372
    Likes Received:
    0
    Location:
    Queensbury,New York. U.S.A.
    I found this on another site, good info.<DIV class=newstitle>Two-Step Windows Vista UAC Hack Published
    </DIV>

    [​IMG]

    Another security researcher has found a way through Windows Vista's heavily hyped User Account Control (UAC) feature. Robert Paveza, a web application developer with marketing firm Terralever, has published a paper demonstrating a two-stage attack which he says allows malicious code to infect Vista systems even from accounts running under the limited privileges afforded by UAC.

    The attack takes advantage of the fact that UAC permissions are somewhat porous, with programs able to ride on the coattails of other processes that are commonly granted higher privileges.

    This is related to one of the flaws in UAC pointed out by security researcher Joanna Rutkowska in February. Rutkowska pointed out that the integrity levels (ILs) put into place by UAC are designed to allow certain breaches.

    [​IMG]View: Complete article
     
    VistaRocks, May 20, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.