
New Windows Kernel Vulnerability Bypasses UAC

xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."
  • Re:Bad omen? (Score:4, Informative)

    by Dolphinzilla ( 199489 ) on Thursday November 25, 2010 @02:14PM (#34343994) Journal

    so if you read the story and watch the video - there is a very simple registry mod which will disable the exploit - so it's something that can be deployed on a large scale (like at my company) pretty easily

  • by gstoddart ( 321705 ) on Thursday November 25, 2010 @02:25PM (#34344086) Homepage

    noscript is not regular browsing

    No, it's better. It's like browsing that goes all the way to 11. Much of the suck just magically disappears.

  • Re:Bad omen? (Score:3, Informative)

    by ScrewMaster ( 602015 ) * on Thursday November 25, 2010 @02:34PM (#34344148)

    Linux kids aren't smart enough to know shit about the NT kernel. How can they patch something they literally know nothing about?

    Hate feeding trolls, but just for clarity's sake, I was making a joke based upon the closed-source nature of Windows, and its inability to utilize outside developer resources for maintenance.

  • by harryjohnston ( 1118069 ) <harry.maurice.johnston@gmail.com> on Thursday November 25, 2010 @02:53PM (#34344294) Homepage

    This is a perfectly ordinary elevation-of-privilege vulnerability. Just like every other elevation of privilege vulnerability it also happens to be capable of bypassing UAC's split-token protection, but the vulnerability itself isn't related to UAC in any way.

    In particular, if the workaround suggested in the article is correct, this vulnerability can't be used to escape from Internet Explorer Protected Mode (the other major function of UAC).

  • by fuzzyfuzzyfungus ( 1223518 ) on Thursday November 25, 2010 @03:12PM (#34344418) Journal
    The OS9/OSX change was, ironically, actually a demonstration of A) how hard it can be to change your OS from the ground up and B) how Apple wasn't up to the challenge.

    Back in the System 7 days, Apple started "Copland [wikipedia.org]" as a next-gen OS to remedy the numerous and hilarious deficiencies in their existing OS. The project was a miserable failure and, after about as much schedule slipping as Apple could afford at that time, they took it out back, shot it, and bought NeXT, and then proceeded to adopt more or less everything but the name as the foundation for their new OS. Even with the "grabbing an entire, largely complete, OS from a third party" tactic, OSX only made it to release in 2001, with the Copland project having been started in 1993.

    It wasn't really a "rewrite" at all, more of a grafting of some APIs from the old OS, and some UI conventions (though not all, OS9 die-hards are still bitching about how much OSX's finder sucks...) onto an entirely new OS. The rewrite attempt foundered horribly.

    Microsoft's OS leaping attempts were actually pretty similar (except that I'm not sure they ever even pretended to have the in-house expertise to transform the DOS-based Windows versions into something resembling a real OS). Their DOS-based Windows versions sucked, architecturally, so they hired a bunch of serious DEC guys to build them a whole new, architecture-independent OS. That was NT. They then grafted on the win32 API and, by around Windows 2000, had finished bringing over all the UI conventions that 95-98-ME users would expect (NT 3.X is actually a pretty alien experience, if you are expecting Windows...)

    There is probably some example of a "Hey guys, let's rewrite our OS" story actually going well, without the invocation of a deus-ex-machina outside team; but neither Apple nor Microsoft really qualify.
  • Re:Bad omen? (Score:3, Informative)

    by Anonymous Coward on Thursday November 25, 2010 @04:00PM (#34344750)

    why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

    *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

  • Re:Bad omen? (Score:1, Informative)

    by Anonymous Coward on Thursday November 25, 2010 @04:41PM (#34345040)
    And then they band together and make the rest of us suffer when they start spewing out spam (which filtering does not fix - it only creates a SEP (Somebody Else's Problem) field which nicely hides the problem, just like the proverbial ostrich with its head in the sand) and gobbling up loads of network bandwidth.
  • by cbhacking ( 979169 ) <been_out_cruising-slashdot@@@yahoo...com> on Thursday November 25, 2010 @07:01PM (#34345998) Homepage Journal

    Most (not all, but most) of the recent remote exploits for Windows are through third-party code present on OS X and Linux as well (Adobe Reader, Flashplayer, and Java are the big three recently). Those programs are vulnerable on other platforms too, but weaponizing and deploying an exploit is expensive, and they're not worth the return on investment.

    In situations where return on investment is equal for each platform, or where OS X or Linux are dominant, there have certainly been exploits. See the Pwn2Own contests for an example of how easily OS X can be compromised, even before Windows was. See the smartphone market, in particular iPhone jailbreaks (which are no more or less than remote root exploits), for what happens when people actually bother to find and exploit vulnerabilities in Apple's code.

    As for the inevitability, that's dead easy. Malware is business, and has been for years. For each platform, there are two relevant numbers: cost to produce a useful exploit, and value (income) from releasing that exploit. Currently, the former number is relatively high for Windows - it's been picked over pretty hard, and a lot of security hardening has gone into it. Again, see things like Pwn2Own.

    However, the latter number - the money you can make with a good Windows exploit - is far, FAR higher. Many millions of dollars higher. The difference between that value on Windows and that value on other desktop operating systems is such that it's not worth developing malware for them if you could do it for free (i.e. be compensated for your time). If you're going to spend the time writing malware for desktop operating systems, there just isn't any target that makes sense other than Windows.

    To answer your question more directly, try a few hundred million. That's how many you need to come close to the number of Windows installations. Depending on the value-difficulty equation, it might not take a number equal to that of Windows - for example, the untapped market may be easier to monetize, increasing the income - but it will require that market shares become roughly equivalent.

  • As long as everything you run is *vulnerability* free, you mean. Actively running malware (Trojans) is certainly a major problem, but in general running Firefox as admin is more dangerous than running IE as a standard user (the fact that there's a local EoP vulnerability just announced notwithstanding).

  • by Anonymous Coward on Friday November 26, 2010 @02:11AM (#34347810)
    'The average person being unable to fix an infected computer has absolutely nothing to do with Microsoft's "monopoly".'

    If the average person had Linux, which has fewer and less serious vulnerabilities, there would be less problem with infected computers.

    "It is trivially simple [apple.com] to buy a computer without Windows."

    Yes, but if you buy an Apple computer you pay 3 times as much. That doesn't make sense for most people.
