Vista Tutorial - UAC security hole?

09-28-2008

The following article:

http://blogs.techrepublic.com.com/itdojo/?cat=3

....shows a way of running UAC-restricted programs without a UAC prompt.
Basically, you create the restricted program as a task in Task Scheduler,
set it to "Run with highest privileges", and then create a shortcut to the
task.

From then on you can run the program without the UAC prompt.

Regardless of what you think about UAC, doesn't this sound like a fairly
serious security breach? Bearing in mind that Microsoft have made a
software tool available for UAC-enabling old applications on a case-by-case
basis, it sounds like they didn't realise you could do it much more simply
using Task Manager.

I can imagine malware might be able to set up a new task in Task Manager,
with the highest privileges, and run hostile code without the user being
prompted.

I'm no expert on Vista's security mechanisms, but do you guys think this
could be a security hole? Do you expect Microsoft to plug this particular
"feature"?

SteveT

**barman58** · 09-28-2008

Quote: Originally Posted by Steve Thackery

The following article:

IT Dojo | TechRepublic.com

....shows a way of running UAC-restricted programs without a UAC prompt.
Basically, you create the restricted program as a task in Task Scheduler,
set it to "Run with highest privileges", and then create a shortcut to the
task.

From then on you can run the program without the UAC prompt.

Regardless of what you think about UAC, doesn't this sound like a fairly
serious security breach? Bearing in mind that Microsoft have made a
software tool available for UAC-enabling old applications on a case-by-case
basis, it sounds like they didn't realise you could do it much more simply
using Task Manager.

I can imagine malware might be able to set up a new task in Task Manager,
with the highest privileges, and run hostile code without the user being
prompted.

I'm no expert on Vista's security mechanisms, but do you guys think this
could be a security hole? Do you expect Microsoft to plug this particular
"feature"?

SteveT

Hi Steve,

As the UAC operates on task scheduler anyway I think the hole is plugged. the method you mention is a way for an admin to provide access to UAC controled apps to a standard user without providing a password. you still have to go through the UAC to set it up.

hope this clarifies

09-28-2008

> The method you mention is a way for an admin to provide access

Quote:

> to UAC controled apps to a standard user without providing a password.
> you still have to go through the UAC to set it up.

OK, so you're saying that malware that attempted to set up such a task would
itself trigger the UAC prompt?

That makes sense. I hope you are right and that there aren't any
workarounds. I'm one of the few people on the planet who actually
appreciates UAC. I'm only too pleased that Vista warns me when something
with security implications is about to happen.

SteveT

**barman58** · 09-28-2008

Hi steve,

Yes that's the way it I believe it operates, the UAC requires user input and the disabling of the desktop (Screen Blanking) means that malware cannot simulate this input.

I too am a believer in the UAC what we need now is for software developers to work to the regime and not write user programs to require Admin rights, which is where a lot of the disstisfaction with UAC comes from. This requirement was within the Spec for XP (just not implemented) so they have no real excuse after all this time. Vista's implementation of the spec will push then in the right direction but I won't be holding my breath. Until this requirement is met Admins who work in the real world will have to resort to these type of workrounds

09-28-2008	#1 (permalink)
Steve Thackery Guest n/a posts	UAC security hole? The following article: http://blogs.techrepublic.com.com/itdojo/?cat=3 ....shows a way of running UAC-restricted programs without a UAC prompt. Basically, you create the restricted program as a task in Task Scheduler, set it to "Run with highest privileges", and then create a shortcut to the task. From then on you can run the program without the UAC prompt. Regardless of what you think about UAC, doesn't this sound like a fairly serious security breach? Bearing in mind that Microsoft have made a software tool available for UAC-enabling old applications on a case-by-case basis, it sounds like they didn't realise you could do it much more simply using Task Manager. I can imagine malware might be able to set up a new task in Task Manager, with the highest privileges, and run hostile code without the user being prompted. I'm no expert on Vista's security mechanisms, but do you guys think this could be a security hole? Do you expect Microsoft to plug this particular "feature"? SteveT
My System Specs

09-28-2008	#2 (permalink)
barman58 Post No Evil ;) Join Date: Jul 2008 Windows 7 RC x64 Vista HP x86 1,682 posts	Re: UAC security hole? Quote: Originally Posted by Steve Thackery The following article: IT Dojo \| TechRepublic.com ....shows a way of running UAC-restricted programs without a UAC prompt. Basically, you create the restricted program as a task in Task Scheduler, set it to "Run with highest privileges", and then create a shortcut to the task. From then on you can run the program without the UAC prompt. Regardless of what you think about UAC, doesn't this sound like a fairly serious security breach? Bearing in mind that Microsoft have made a software tool available for UAC-enabling old applications on a case-by-case basis, it sounds like they didn't realise you could do it much more simply using Task Manager. I can imagine malware might be able to set up a new task in Task Manager, with the highest privileges, and run hostile code without the user being prompted. I'm no expert on Vista's security mechanisms, but do you guys think this could be a security hole? Do you expect Microsoft to plug this particular "feature"? SteveT Hi Steve, As the UAC operates on task scheduler anyway I think the hole is plugged. the method you mention is a way for an admin to provide access to UAC controled apps to a standard user without providing a password. you still have to go through the UAC to set it up. hope this clarifies
My System Specs

09-28-2008	#3 (permalink)
Steve Thackery Guest n/a posts	Re: UAC security hole? > The method you mention is a way for an admin to provide access Quote: > to UAC controled apps to a standard user without providing a password. > you still have to go through the UAC to set it up. OK, so you're saying that malware that attempted to set up such a task would itself trigger the UAC prompt? That makes sense. I hope you are right and that there aren't any workarounds. I'm one of the few people on the planet who actually appreciates UAC. I'm only too pleased that Vista warns me when something with security implications is about to happen. SteveT
My System Specs

09-28-2008	#4 (permalink)
barman58 Post No Evil ;) Join Date: Jul 2008 Windows 7 RC x64 Vista HP x86 1,682 posts	Re: UAC security hole? Hi steve, Yes that's the way it I believe it operates, the UAC requires user input and the disabling of the desktop (Screen Blanking) means that malware cannot simulate this input. I too am a believer in the UAC what we need now is for software developers to work to the regime and not write user programs to require Admin rights, which is where a lot of the disstisfaction with UAC comes from. This requirement was within the Spec for XP (just not implemented) so they have no real excuse after all this time. Vista's implementation of the spec will push then in the right direction but I won't be holding my breath. Until this requirement is met Admins who work in the real world will have to resort to these type of workrounds
My System Specs

Similar Threads
Thread	Forum
Security Hole Lingers.	Security News
Security hole?	Vista security
Big Security Hole in All IE Versions	System Security
Did I put a hole in my Trend Micro security wall?	Vista security
Security hole in Windows	Vista General