Microsoft under spotlight for Windows 7 security 'flaw'

A blogger warns of a possible security hole in the Windows 7 beta.

A security researcher has claimed that there is a major flaw in the Windows 7 beta which he alleges Microsoft is planning on leaving as is in the full version.

Long Zheng, security researcher and blogger for istartedsomething.com, says that there is a problem with the UAC (User Access Control), designed to monitor a computer and notify a user when a programme attempts to alter the system.

On the Windows Vista platform it was meant to protect against malware, but caused problems due to the barrage of pop-up dialogue boxes it created. Some users turned it off, effectively negating its existence.

On the Windows 7 Beta, UAC was changed so it could distinguish between third-party software and system applications by checking for security certificates. If the process or application has the right certificate it will not cause a prompt to appear.

However, Zheng said the problem with the Windows 7 beta is that UAC can now be controlled through system settings and completely disabled without user interaction. He even posted 'proof' of his claims.

He said there was a simple fix to the problem, but claimed Microsoft had replied saying "it is not a vulnerability".

He said on the blog: "The whole reason why I had made the "issue" public was because private Windows 7 beta-testers were frustrated at how Microsoft treated their concerns, but it seems like it hasn't changed."

Zheng later updated his post, clarifying how the vulnerability can occur, adding that users must be in the "Administrative" user group, not just the "Standard" user group to be able to affect things.

At the time of writing, Microsoft had not responded to our request for comment on the issue.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020