
Windows 7 Security Hole

Security researcher Long Zheng has published details (along with a proof of concept) of an issue in the beta version of Windows 7. He has shown how an attacker could bypass User Account Control (UAC), although he has also shown how it can be remedied quite simply.

UAC has been a bane of Vista users, as it notifies the user every time a program tries to alter the system. Many have disabled UAC because of its frequent dialog boxes. In Windows 7, though, Microsoft has introduced new rules that allow changes to Windows settings without notification, although other alterations still require notifying the user.

But, as Zheng pointed out:

“The Achilles’ heel of this system is that changing UAC is also considered a ‘change to Windows settings’, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.”

“We soon realized the implications are even worse than originally thought. You could automate a restart after UAC has been changed, add a program to the user’s startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc.”

He noted that Microsoft could implement a fix “without sacrificing any of the benefits the new UAC model provides, and that is to force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state. This is not a fool-proof solution (users can still inadvertently click ‘yes’) but a simple one I would encourage Microsoft to implement seeing how they’re on a tight deadline to ship this.”
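As an added administrator's check (not code from the article or from Zheng), the following PowerShell audit reads a machine's UAC policy and reports whether a change to Windows settings, the UAC setting itself included, would currently produce a prompt, and whether that prompt would appear on the Secure Desktop as Zheng recommends. The registry path and value names are the standard UAC policy values Windows has used since Vista; they are not quoted in the article, and the fallback defaults used for absent values are assumptions.

```powershell
# Added audit example, not code from the article. Reads the standard UAC policy
# values and classifies the posture in the terms the article uses.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction Stop

    # Read each value; when absent, fall back to the assumed Windows 7 default.
    $enableLua     = if ($null -ne $p.EnableLUA) { [int]$p.EnableLUA } else { 1 }
    $adminBehavior = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 5 }
    $secureDesktop = if ($null -ne $p.PromptOnSecureDesktop) { [int]$p.PromptOnSecureDesktop } else { 1 }

    # Documented meanings of ConsentPromptBehaviorAdmin for administrators.
    $behaviorText = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the Secure Desktop'
        2 = 'Prompt for consent on the Secure Desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt only for non-Windows binaries (Windows 7 default level)'
    }

    # Classify: disabled, silent for Windows components, prompting off the
    # Secure Desktop, or prompting on the Secure Desktop for every elevation.
    $finding = if ($enableLua -ne 1) {
        'UAC is disabled: processes started by administrators already run with full privileges.'
    } elseif ($adminBehavior -eq 0 -or $adminBehavior -eq 5) {
        'Changes made through Windows components, including the UAC setting itself, are not prompted.'
    } elseif ($secureDesktop -ne 1) {
        'Prompts appear, but not on the Secure Desktop, which isolates the prompt from other programs.'
    } else {
        'Every elevation prompts on the Secure Desktop (the "Always notify" level).'
    }

    [pscustomobject]@{
        UacEnabled             = ($enableLua -eq 1)
        AdminPromptBehavior    = $behaviorText[$adminBehavior]
        PromptsOnSecureDesktop = ($secureDesktop -eq 1)
        Finding                = $finding
    }
}

Get-UacPosture | Format-List
```

Run it from an elevated or standard PowerShell session on the machine being audited; the key is readable without elevation, and the script only reads, never changes, the values.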

Zheng said he has informed Microsoft of the problem, but the company has insisted that “the functionality is ‘by design’, dismisses the security concerns and again leans towards they will not be addressing the issue for the final release of Windows 7.”
