Security 10816 Published by

PC World reports that a security firm claims a Windows kernel bug lets attackers evade Windows UAC security.



The exploit was disclosed Wednesday -- the same day proof-of-concept code went public -- and lets attackers bypass the User Account Control (UAC) feature in Windows Vista and Windows 7. UAC, which was frequently panned when Vista debuted in 2007, displays prompts that users must read and react to. It was designed to make silent malware installation impossible, or at least more difficult.

"Microsoft is aware of the public posting of details of an elevation of privilege vulnerability that may reside in the Windows kernel," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail. "We will continue to investigate the issue and, when done, we will take appropriate action."
  Microsoft Downplays 'Nightmare' Windows Kernel Flaw