(Semi OT) UAC exploit possible via fake dialogs?

Hi all,
I was thinking about the possibility to fake the UAC prompt for
credentials by a malicious process, in order to get the admin password.
In example, a malicious process shows a fake UAC dialog prompting for
Admin credentials when started, and then stores the admin password for
later sending or wathever. Since Vista shows too many UAC dialogs, I
think we will enter the admin credentials in a mechanichal way, so this
exploit could be possible and easy to implement.
I'm missing some important technichal data about UAC which prevents
this? What do you think?

Fernando

I read somewhere the UAC will be a bit less intrusive in the future.. but I
thinkif some program did want to put up a "fake" UAC you'd still have to give
it permission to run.. and then it would also run into the Firewall later on
assuming you have that enabled also.

"Fernando" wrote:

> Hi all,
> I was thinking about the possibility to fake the UAC prompt for
> credentials by a malicious process, in order to get the admin password.
> In example, a malicious process shows a fake UAC dialog prompting for
> Admin credentials when started, and then stores the admin password for
> later sending or wathever. Since Vista shows too many UAC dialogs, I
> think we will enter the admin credentials in a mechanichal way, so this
> exploit could be possible and easy to implement.
> I'm missing some important technichal data about UAC which prevents
> this? What do you think?
>
> Fernando
>

Think the following: If I put on a system a custom made executable which on
run shows a fake UAC dialog and it doesn't requires privileged credentials
to run, the true UAC never shows, and if this executable never connects to
the outside and only stores admin passwords on file, in example, to allow
later retrieval, it also never gets the firewall prompt. Think about a lot
of people, normal Windows users, which never complains about security, then
may be it will be a serious security problem.


"Jason" <Jason@discussions.microsoft.com> wrote in message
news:8CD1694A-72CD-41E9-8D5C-DF2ECDD66C31@microsoft.com...
>I read somewhere the UAC will be a bit less intrusive in the future.. but I
> thinkif some program did want to put up a "fake" UAC you'd still have to
> give
> it permission to run.. and then it would also run into the Firewall later
> on
> assuming you have that enabled also.
>
> "Fernando" wrote:
>
>> Hi all,
>> I was thinking about the possibility to fake the UAC prompt for
>> credentials by a malicious process, in order to get the admin password.
>> In example, a malicious process shows a fake UAC dialog prompting for
>> Admin credentials when started, and then stores the admin password for
>> later sending or wathever. Since Vista shows too many UAC dialogs, I
>> think we will enter the admin credentials in a mechanichal way, so this
>> exploit could be possible and easy to implement.
>> I'm missing some important technichal data about UAC which prevents
>> this? What do you think?
>>
>> Fernando
>>