Microsoft admits it messed up Windows 7 security
by Davey Winder   
Friday, 06 February 2009
Following a week in which no fewer than two security flaws were reported in Windows 7, both officially dismissed as not constituting a vulnerability, it seems there has now been a rather huge change of mind at Microsoft and a frankly astonishing confession.

Microsoft has been at the sharp end of the flawed security stick this week, and the funny thing is it seems that they both made the stick and have been responsible for the continued prodding with it.

In an attempt to make all six versions of Windows 7 less irritating than Vista, Microsoft decided to change the default action of the User Account Control (UAC) feature so that it no longer pops up for permission every time changes are being made to the OS.

People have been asking questions of Windows 7 security for some time, so it should come as no surprise that it did not take long for the security research community to twig that this could be a little on the silly side when talking about system security.

The problem is that by allowing certain digitally signed third party executables to bypass UAC by default, Windows 7 becomes exposed to the potential of piggybacked third party code.

Malware can exploit elevated instances of rundll32.exe to point to malicious payloads which inherit the UAC OK from the parent process.

One researcher, Long Zheng, writes about how he developed a fully functional proof-of-concept app in VBScript to easily disable UAC entirely.
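
As an added example (not from the article, the researchers or Microsoft), this Python audit reads the UAC policy values stored under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and flags both the relaxed Windows 7 default and a UAC that has been switched off entirely. The `reg query` sample is constructed and the level names are labels chosen for this example.

```python
import re

# UAC policy values live under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
POLICY_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# Constructed sample: `reg query` output from a machine left at the Windows 7 default.
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Extract the UAC-related REG_DWORD values from `reg query` output."""
    pattern = r"^[ \t]+(\w+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)\s*$"
    return {name: int(raw, 16)
            for name, raw in re.findall(pattern, text, re.M)
            if name in POLICY_VALUES}

def classify_uac(values):
    """Return (level, findings); level names are labels chosen for this example."""
    if values.get("EnableLUA") == 0:
        return "disabled", ["EnableLUA=0: UAC is switched off entirely"]
    consent = values.get("ConsentPromptBehaviorAdmin")
    if consent is None or "EnableLUA" not in values:
        return "unknown", ["policy values missing from input"]
    findings = []
    if consent == 0:
        level = "silent-elevation"
        findings.append("administrators elevate without any prompt")
    elif consent == 5:
        level = "windows7-default"
        findings.append("only non-Windows binaries prompt; set value 2 for 'Always notify'")
    elif consent in (1, 2, 3, 4):
        level = "always-prompt"
    else:
        return "unknown", [f"unexpected ConsentPromptBehaviorAdmin={consent}"]
    # Values 1 and 2 always use the secure desktop; 3, 4 and 5 depend on this flag.
    if consent in (3, 4, 5) and values.get("PromptOnSecureDesktop") == 0:
        findings.append("prompts are not shown on the secure desktop")
    return level, findings

if __name__ == "__main__":
    print(classify_uac(parse_reg_query(SAMPLE_DEFAULT)))
```

Feed it the output of `reg query` against the key named in the comment; a result of `disabled` on a machine that was previously `windows7-default` or `always-prompt` is the change worth investigating.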

So that is two UAC related Windows 7 security flaws in a single week. You might think that Microsoft would take them seriously, very seriously indeed.

Yet the initial response was one of total denial: "Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent" said spokesman Jon DeVaan.

More detail about the Windows 7 security flaws and more on that Microsoft U-turn follows on page 2...
