
Wednesday, November 11th, 2009

Simple Hack for User Account Control (UAC)

May 21, 2007 by Milo Riano  
Filed under Computers

Joanna Rutkowska, an expert looking for breaches related to Windows Vista, said that integrity levels (ILs) of User Account Control are designed to allow security breaches.

As reported by PCWorld:

Under Paveza’s attack, the malicious code would ride on seemingly innocuous software that could, in fact, run as advertised and without any elevated privileges needed, leaving the work of infection for later.

“For instance, if users believe they are downloading a ‘Pac-Man’ clone, such a game could be run while the malicious software did its work in the background,” Paveza wrote. “It is important to note that, realistically, once the proxy infection tool has been run on the target machine, the target is effectively infected.”

Meanwhile, the program could create an “executable stub” pointing to a target program that runs at a higher level. The stub would be stored in a place such as the Start menu where the user would click on it thinking to run the original, legitimate higher-level program.

The explanation makes sense on the security of Windows Vista, but nevertheless I am glad that a lot of things need to be in place for the attack to happen — user interaction, privileges, time bound. Back in the XP days, simple email attachments could cause irreparable damage to your system.

I agree with Microsoft that ILs and UACs don’t define security boundaries and potential attack entries are not security bugs.
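
The stub described in the PCWorld excerpt depends on a low-privilege program being able to write into the user's Start menu, so a defender can audit that folder for entries that are not ordinary shortcuts to installed software. The script below is an added example, not code from this post, PCWorld, or Paveza's paper; the list of trusted roots and the list of executable extensions are assumptions to adjust per environment.

```powershell
# Added example: audit the current user's Start Menu for stub-like entries.
# Assumption: legitimate shortcuts point under Program Files or the Windows directory.
$startMenu = [Environment]::GetFolderPath('StartMenu')
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
$shell = New-Object -ComObject WScript.Shell

function Test-UnderTrustedRoot([string]$Path) {
    # Normalize first so "..\" segments cannot make a path look trusted.
    try { $Path = [IO.Path]::GetFullPath($Path) } catch { return $false }
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($item in Get-ChildItem -Path $startMenu -Recurse -File -Force) {
    switch -Regex ($item.Extension) {
        '^\.lnk$' {
            # Resolve the shortcut and flag targets in user-writable locations.
            $target = $shell.CreateShortcut($item.FullName).TargetPath
            if ($target -and -not (Test-UnderTrustedRoot $target)) {
                [pscustomobject]@{
                    Entry  = $item.FullName
                    Target = $target
                    Reason = 'Shortcut target outside trusted roots'
                }
            }
        }
        # Assumed extension list: executables placed directly in the Start Menu.
        '^\.(exe|com|scr|bat|cmd|vbs|js|ps1)$' {
            [pscustomobject]@{
                Entry  = $item.FullName
                Target = $item.FullName
                Reason = 'Executable stored directly in Start Menu'
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Findings are leads for review rather than verdicts: per-user installers legitimately place targets under the user profile, so compare results against a known-good baseline.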

Continue reading here.

Other readings: How-to guide to enable or disable User Account Control (UAC).



All content is Copyright © 2005-2009 b5media. All rights reserved.