
New Windows Kernel Vulnerability Bypasses UAC

Posted by timothy
from the happy-thanksgiving-everyone dept.
xsee writes "A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users."

  • by Monkeedude1212 (1560403) on Thursday November 25, 2010 @02:11PM (#34343978) Journal

    I run everything with Administrator privs... oh snap!

    Well, as long as you know everything you run is malware free, there is absolutely nothing wrong with that.

  • Re:Bad omen? (Score:5, Insightful)

    by ColdWetDog (752185) on Thursday November 25, 2010 @02:15PM (#34344006) Homepage

    Only if Microsoft doesn't fix it. Of course, somebody sharp could submit a patch ... oh wait.

    The traditional method of bypassing the UAC has been the average user mindlessly clicking "OK". Have you got a patch for that which does not involve firearms, poisons or BDSM stuff?

  • Re:Bad omen? (Score:0, Insightful)

    by Anonymous Coward on Thursday November 25, 2010 @02:25PM (#34344084)
    I had a different take on that line:

    Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.

    Yeah, but aren't they used to that? Don't they secretly like it, or think they deserve it, like the battered woman who keeps going back to her abusive boyfriend because "he's really just misunderstood" and because "he can change, really!" since "he's turning over a new leaf" and "this time he really means it".

    What blows my mind is experiencing that AND paying for the privilege. Microsoft: the alpha male providing proof that nice guys finish last.

  • by Bert64 (520050) <bert AT slashdot DOT firenzee DOT com> on Thursday November 25, 2010 @02:41PM (#34344192) Homepage

    Developing an entirely new OS is about the worst thing Microsoft could possibly do from a business perspective...

    Currently their single biggest selling point is compatibility, sure as you point out compatibility with something that has a fundamentally flawed design but still compatibility... If they were to ditch compatibility, then users would have to ditch all their existing apps (especially legacy apps which may be abandonware) and learn a completely new system that's not been tried and tested...

    In other words, they would now saddle themselves with the biggest disadvantages associated with other platforms while offering none of the advantages of those platforms...
    Microsoft ditching compatibility with all their legacy cruft would probably be the best news Apple and Linux distros could ever receive.

  • by causality (777677) on Thursday November 25, 2010 @02:49PM (#34344254)

    Easy buffer overflow problem that shouldn't be hard to fix

    I believe you miss his point.

    It's an easy buffer overflow problem that shouldn't have been hard to prevent if you have even a fraction of the talent and resources at Microsoft's disposal.

    If this bug is as you say, and it exploits "left over junk from older OSes" that only means one thing: there has been more than adequate time for an internal security audit to have found and fixed this bug. Consider the personnel and capital available to the OpenBSD group, then compare that to the personnel and capital available to Microsoft. You're telling me Microsoft couldn't do better than the OpenBSD group?

    Why do so many people want to give Microsoft a pass in these matters? It's hard to think of any other entity in the world that would be more capable of doing better than this. It's obvious they don't give a damn about security as long as the sales keep coming. That's what you want to excuse, portray as understandable, smooth over, and encourage by example in other companies? I won't.

  • by Sycraft-fu (314770) on Thursday November 25, 2010 @02:50PM (#34344262)

    Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system. So show us a framework or example of some kind where users have the full control they must over personally owned systems, yet the system is 100% secure over bad code. Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).

    If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.

    That being the case, stop whining.

    For this particular thing, this is a local privilege exploit. It is a bug, a mistake, one that will be fixed. If you Google around you'll find that Linux has had plenty of these throughout its history. Something is done wrong such that a program can elevate when it isn't supposed to. They are bugs to be patched, but not super critical since you still have to get malicious code on to the local system and get it to execute. They are more of a concern on multi-user systems but even then it is rarely a panic situation.

    So seriously, enough with this "OMG MS just needs to make a 100% perfectly secure OS!" shit. It shows massive ignorance of how complex an OS is, and what all you have to balance. No problem with that, you needn't learn about it if you don't want, but then don't argue from a position of ignorance and assume that they could make a perfect OS if only they wanted to bad enough.

    No security is perfect. People who do security in the real world, physical security, have always known this. For some reason many people who do virtual security delude themselves into thinking it is different. No it isn't, there is no perfect security. So have defense in depth. Be mindful of where you visit on the web, don't download random shit, run a quality virus scanner that checks data as it comes in from the web, use a deprivileged browser (something in protected mode, if your browser supports it), have a firewall, have UAC turned on, think before you execute a program. None of that is perfect, none of that is something that can't ever fail, but with layers of protection if one fails, you've others to fall back on.

  • Registry (Score:2, Insightful)

    by lyinhart (1352173) on Thursday November 25, 2010 @03:01PM (#34344338)
    From the article: "The flaw is related to the way in which a certain registry key is interpreted..." Another argument for abolishing the Windows registry and storing setup information in plain text files. Not like that's going to happen...
  • Re:Bad omen? (Score:5, Insightful)

    by WrongSizeGlass (838941) on Thursday November 25, 2010 @03:08PM (#34344386)

    And I spent five hours last night cleaning up friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

    I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

  • Re:Bad omen? (Score:3, Insightful)

    by Yvan256 (722131) on Thursday November 25, 2010 @03:09PM (#34344396) Homepage Journal

    Fortunately for us, it works in a different way in computer-land. They only seek out other Windows computers to turn them into zombies.

  • by judeancodersfront (1760122) on Thursday November 25, 2010 @03:11PM (#34344408)
    OpenBSD doesn't have the same goals and doesn't have to provide the same level of compatibility.

    Windows Security 2008R2 actually has a pretty impressive security record so far. If they stripped it down and provided only core services like OpenBSD it would be even better. The problems really exist in user space where you have a lot of naive people running random executables provided by some very bad people who spend all day looking for holes.
  • by 0123456 (636235) on Thursday November 25, 2010 @03:12PM (#34344420)

    Besides nebulous empty rhetoric like Windows having a broken design, what's wrong with it that a rewrite would fix?

    Staggering amounts of backwards compatibility crud full of security holes?

    One obvious example is Windows' default behaviour of loading .DLL files from the current directory, which allows you to infect arbitrary executables by starting a program from a directory which contains a malware DLL. 'But we can't change that because it will break WhizzbangSoft 2003!'

    The only way for Windows to become secure is to throw out backwards compatibility, and then no-one would use it.

  • Re:Registry (Score:5, Insightful)

    by Spad (470073) <slashdot AT spad DOT co DOT uk> on Thursday November 25, 2010 @03:19PM (#34344472) Homepage

    "The flaw is related to the way in which a certain config file is interpreted..."

  • Of course (Score:2, Insightful)

    by Sycraft-fu (314770) on Thursday November 25, 2010 @03:24PM (#34344516)

    UAC isn't really anything special, just an easy way for running as a deprivileged user. However many Slashdot types love to hate on it not only because it is from Microsoft, but because it messes with one of their talking points. For the longest time Linux (and OS-X) types hated on Windows because people ran as administrators. They talked about how amazingly insecure that was, how big a problem, how MS didn't care about security and so on. Many people tried to explain to them that it really doesn't matter, since people will just hand out the credentials to elevate without thinking, you can't protect people from themselves.

    Well then along comes UAC, with a number of other security enhancements. Seems MS WAS taking that seriously now. They made it easy for users to run deprivileged. Well shit, that isn't a good thing if you are an MS hater. So they find ways to hate on UAC and claim it is no good, insecure, worthless, a pain, whatever. Many of the criticisms apply just as well to other elevation modes in other OSes but this isn't a matter of true technical analysis, it is just fanboyism.

    Same shit here. Windows has a bug in its privilege isolation, leading to a local escalation exploit. Something to be fixed for sure, but hardly super critical. Linux has had the same kind of thing many times and it is never a major crisis since it still requires code to get on the local system and be executed first. However since it is with Windows they'll spin it as an anti-UAC thing.

  • Re:Bad omen? (Score:5, Insightful)

    by ScrewMaster (602015) * on Thursday November 25, 2010 @03:28PM (#34344550)

    I found that they had gone back to Explorer (Firefox "didn't look the same")

    Get them this [mozilla.org].

    Seriously though, if they couldn't even handle a switch from IE to Firefox, you think they're not going to raise holy hell if you swap out the entire OS?

    Doesn't matter. So far as she's concerned, they're going to get told. We'll try to make the transition as easy as possible, but sometimes you just have to bite the bullet. It's her computer, and those are her kids, and they'll do as they're told. Her husband couldn't care less so long as he can get his email and go to a few Web sites he needs. The kids are the big problem. I also told her we could just get them their own computer, and when they break it ... tough. Maybe then they'll start to learn a little respect. They've wasted enough of their mother's time, not to mention mine.

  • Re:Bad omen? (Score:5, Insightful)

    by ScrewMaster (602015) * on Thursday November 25, 2010 @03:30PM (#34344570)

    And I spent five hours last night cleaning up friend's Vista machine. Her husband and her kids have a habit of repeatedly infecting the thing since they are either unwilling or unable to exhibit the slightest discipline when using the Web, and will install anything that's shiny and free.

    I have neighbors like that. After cleaning up after them a few times I charged them my normal rate to clean up their computer. It hasn't been infected since.

    Or it's just as infected but they're just dealing with it since they're too cheap to pay you what you're worth. Which is just the same so far as you're concerned, I agree.

  • Re:Bad omen? (Score:5, Insightful)

    by Gadget_Guy (627405) * on Thursday November 25, 2010 @03:33PM (#34344590)

    When has anyone, especially Microsoft, ever cared about them?

    What a completely uncalled for comment. When did Microsoft care for clueless home users? When half their market share was with clueless home users. When they implemented the UAC (the corporate world already knew to set up limited domain user accounts). When they came out with the free Microsoft Security Essentials [microsoft.com], which was designed for home users. When they implemented automatic updates because clueless home users never applied service packs. Or maybe when they did a better job of locking down the default settings in the latest Windows/Internet Explorer.

    Sure, they don't do a perfect job, as this case shows. But you will find privilege escalation bugs on most operating systems and Microsoft WILL come out with a patch to fix the bug. All the clueless home users have to do is wait for it to be automatically downloaded and applied.

  • Re:Bad omen? (Score:4, Insightful)

    by ScrewMaster (602015) * on Thursday November 25, 2010 @03:52PM (#34344700)

    What a completely uncalled for comment.

    Not at all. Microsoft got caught flat footed when the Internet went public. Windows was never able to be used safely on anything but a trusted network, and after almost twenty years it still isn't. If it were, why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Stop making excuses. All operating systems are vulnerable, to varying degrees, when connected to the global network. Only one OS, however, stands out as a shining example of how not to do it.

  • Re:Bad omen? (Score:3, Insightful)

    by grcumb (781340) on Thursday November 25, 2010 @05:13PM (#34345210) Homepage Journal

    And if Linux or OSX ever exceed Microsoft's marketshare you'll see the malware flood onto them too.

    Okay, I'm going to go all scientific on this and say: Prove it.

    Don't just speculate based on false equivalence; don't just make shit up. Prove to me that Linux and Mac OS are not only equally susceptible to malware infection, but that a flood of exploits is the inevitable result of widespread adoption.

    While you're doing that, perhaps you could explain at what point this becomes inevitable. After a million installations? Two million? Ten million?

    Is it necessary that these installations happen only on personal computers? Would dominance of the server market suffice? Of the mobile market? How about tablets? Hand-helds? Home media servers? Surely any significant penetration into markets that enable the use and transmission of personal data would be ripe for the picking?

    And then perhaps you could refute the contention that neither Linux nor Mac OS will ever recreate the monoculture we're seeing currently with Windows, that this heterogeneity is by design and that it's an innate strength in the development culture.

    Until you do that, I'm going to assume that what you mean is, "When Mac OS or Linux become just like Windows, they will be just like Windows." And I'll treat your statement as the childish, simplistic tautology that it is.

    HTH, HAND.

  • Re:Bad omen? (Score:1, Insightful)

    by Anonymous Coward on Thursday November 25, 2010 @05:25PM (#34345304)

    Sure thing buddy. I mean an app can't call gsudo rm -rf / or anything.

    Oh wait, you mention repositories? Yeah, like that's ever stopped malware on Android, which has far less of a developer presence than Windows does, and a virtual machine doing most of the security.

    Oh wait, you mention open source? Yeah, like people are going to review tens of millions of OSS applications when everyone switches to Linux. Oh, and I'm sure that all the developers in the world actually WILL switch to a distro which requires code release. Nope, it won't only be 1-2% of them.

  • by Myopic (18616) on Thursday November 25, 2010 @05:43PM (#34345434)

    I only read your first sentence. I'm pretty sure the brilliant idea is install NetBSD.

  • by Anonymous Coward on Thursday November 25, 2010 @07:08PM (#34346050)

    why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

    *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

    Why the fuck do I need a firewall at all? Seriously.

  • by fluffy99 (870997) on Thursday November 25, 2010 @07:43PM (#34346268)

    The solution is to make computers with Linux already installed available. Unfortunately configuration of Linux is quirky and poorly documented, slowing adoption.

    Dell tried that and sales were so bad, that they stopped doing it for the consumer level computers. You can still get a no-OS option servers.

  • by grcumb (781340) on Thursday November 25, 2010 @08:44PM (#34346542) Homepage Journal

    As for the inevitability, that's dead easy. Malware is business, and has been for years. For each platform, there are two relevant numbers: cost to produce a useful exploit, and value (income) from releasing that exploit. Currently, the former number is relatively high for Windows - it's been picked over pretty hard, and a lot of security hardening has gone into it. Again, see things like Pwn2Own.

    It is interesting, isn't it, that people go to such efforts to find Windows-specific exploits when they could find exploits on other systems with far less effort?

    That there's a reason for this, and it has everything to do with return on investment, as you rightly say:

    However, the latter number - the money you can make with a good Windows exploit - is far, FAR higher. Many millions of dollars higher. The difference between that value on Windows and that value on other desktop operating systems is such that it's not worth developing malware for them if you could do it for free (i.e. be compensated for your time). If you're going to spend the time writing malware for desktop operating systems, there just isn't any target that makes sense other than Windows.

    So I come back to the question I posed originally:

    "Perhaps you could refute the contention that neither Linux nor Mac OS will ever recreate the monoculture we're seeing currently with Windows, that this heterogeneity is by design and that it's an innate strength in the development culture."

    I'm not for a moment suggesting that writing malware as a business won't continue after Windows is long gone. Of course it will.

    But just as US banks in the 1920s-30s learned (eventually) to make themselves less susceptible to bank robbers (whose activity peaked at that time due to recent improvements in transportation), personal and institutional computing will eventually learn to take malware in stride, to reduce the profits of any given exploit from its current colossal size to something much simpler.

    There will always be another rube willing to allow another con-man to fleece him. There will always be innocent victims who get mugged because they were in the wrong place at the wrong time. But to suggest, as the GP does, that this somehow excuses the appallingly poor security models, practices and culture that ensure Microsoft's continued relegation to the security gutter... well, that's just disingenuous.

    To tar other OSes with the same brush is to suggest that one should not move to another bank because, once enough people move to it, it too will become the target of bank robbers. It's wrong because:

    1. Nobody is suggesting that everyone has to move all their money to one single bank;
    2. The new bank might not be perfectly secure, but at least it doesn't leave all the money in a pile in the middle of the floor.

    This move to a more heterogeneous and inherently secure environment will happen in small increments, and the process will lurch along in fits and starts, but it is far more likely to happen than another single, monolithic operating environment taking over from Microsoft Windows - and I include future versions of Microsoft Windows in that grouping.

    And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

  • by vux984 (928602) on Thursday November 25, 2010 @10:26PM (#34347002)

    And that, my friend, is why I find the contention that 'Linux and Mac OS will be just as bad when they get popular' to be inane, misleading and, frankly, intellectually lazy.

    Just because I didn't elaborate doesn't mean I haven't thought about it.

    Personally, I'm pretty confident that the majority of malware infections are PEBKAC.

    Drive by / remote exploit malware certainly do exist out there, but it's not THAT prevalent. You can go months, even years using a Windows PC without an infection with just Windows firewall, and keeping your PC up to date. I've done it. Countless others have too.

    The clusterfucks of malware-ridden PCs that some people routinely turn their computers into are, in my opinion, primarily at least initially installed by the end user. They fall for the social engineering, go for the shiny offer, and escalate the installer so that it can have its way with the PC and bring all its friends...

    You make OSX or even Linux the dominant OS, where all that social engineering, and shiny crapware will start targeting OSX and Linux. The same users who try to install the britney spears naked screensaver will click on the brintey_spears_naked.dmg and enter their computer password in OS X.

    Right now it's not worth it for that class of malware writers to do it today. So britney_spears_naked_screensave.dmg malware isn't constantly thrown in your face. It's simple economics.

    a) First, OSX and Linux combined is still single digit marketshare. Right out of the gate, Windows is where the ROI is.

    b) Second, what little marketshare OSX and Linux have are disproportionately more sophisticated users that won't fall for the bullshit anyway.

    If you are likely to be sucked in by malware bullshit then you are likely ignorant, unsophisticated when it comes to computers... and you walk into a BestBuy or Walmart... you are exactly the demographic being targeted by malware, and you'll walk out with a Windows PC.

    Move all --those-- people onto Linux or OSX and I have no doubt the malware will follow them, and they'll happily install it.

  • by woolpert (1442969) on Friday November 26, 2010 @01:51AM (#34347752)

    You're comparing a local privilege escalation exploit (*unix) to a remote one (Win) as if they are even the same ballgame?

    L O fucking L.

  • Re:Bad omen? (Score:4, Insightful)

    by ScrewMaster (602015) * on Friday November 26, 2010 @02:25AM (#34347860)

    why do I have to install a third-party firewall and run third-party anti-malware software, that is, if I want to use it on the Internet?

    Probably because you're too retarded to know how to use a hardware firewall, the Windows built in software firewall, and MSE?

    *Posted via Windows 7 Professional behind a hardware firewall with the software firewall turned off*

    "Retarded", huh. That's nice. We were discussing "clueless users" here, not senior engineers who have been playing with networks for a long time, probably from before you were born. My point is that, if an operating system were truly well-designed from a security perspective such nonsense would be neither necessary nor useful. But, for millions of people, it is and worse yet, is largely ineffective.

    Nor, I suspect, is that "hardware firewall" exactly what you think it is. You would get the same benefit from a small Linux PC and a couple of NICs. In fact, what you probably have there is a little plastic box with an ARM processor running a Linux core with an IPTables firewall and a browser-based front-end. It's just software, and it has vulnerabilities of its own, and the primary benefit is that it doesn't depend upon the TCP stack in your operating system. But it isn't foolproof.

    Ultimately, if an exploit is found that allows malware to run on your computer (and that hardware firewall won't help you when it comes to a browser-based or Trojan exploit) the last and best line of defense is an operating system that won't allow the attacker to access anything but the current user's files. The big problem with Windows is that it's relatively easy to gain privileged access: once that happens the game is lost. Yes, other OSes have similar vulnerabilities but it's a higher bar in most cases.
