Windows 7 400 Published by

OSNews reports that the source code to the UAC injection flaw in Windows 7 has been released



In a nutshell, since we've already discussed this a few times, the flaw works like this: a lot of people got all whiny over the UAC prompts in Windows Vista. As a result, Microsoft wanted to fix this in Windows 7. The logical, thorough, and proper method would've been to fix components of Windows so that they no longer require elevated privileges. Instead, Microsoft did an epic cop-out, reminiscent of the early days of Windows XP, and created a list of processes which possess auto-elevation capabilities. In other words, Microsoft allows its own processes to silently elevate in Windows 7 as to avoid having to actually fix their code.

As always, you can fix this by setting the UAC slider in Windows 7 to its topmost position. It's also important to note that this flaw does not work if you are running as a standard user - however, since the first user created is still an administrator, that point is moot.
Source Code to Windows 7 UAC Injection Flaw Released