Reveals Symantec

Feb 21, 2007 10:19 GMT  ·  By

Symantec has decided to intervene in the face-off between Joanna Rutkowska and Mark Russinovich over User Account Control in Windows Vista. Ollie Whitehouse, Symantec Security Response Researcher, has taken Rutkowska's side and claimed that User Account Control can be easily circumvented so that malicious code gains administrative privileges.

Microsoft's position on the matter is that UAC does not constitute a security boundary, and that its role is to give users a chance to verify an application before it runs with elevated privileges. Accordingly, Russinovich holds that implementation bugs in User Account Control are not security bugs.

The bottom line is that although User Account Control has been applauded as one of the top security additions to Windows Vista, because it does not provide a security boundary, a malicious process running with restricted rights can elevate itself to administrative rights once the user launches a legitimate process with elevated privileges.

Additionally, a malformed CPL file can hijack RunLegacyCPLElevated.exe in order to fool the user into believing that a request for administrative rights comes from Windows Vista itself rather than from malicious code. RunLegacyCPLElevated.exe is the component through which legacy Windows Control Panel plug-ins (CPL files) are run at a different run level, notably with administrative privileges.

"Unfortunately, this particular issue I discovered also has an unintended consequence on a security policy which may be used by enterprises. There is a security policy item called 'User Account Control: Only elevate executables that are signed and validated,' which is designed to ensure that only trusted code can be elevated. Well, unfortunately, due to the same reasons the UAC prompt can be fooled, this security policy can as well," Whitehouse revealed.
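As an added example (not code from the article or from Symantec), the following read-only PowerShell audit reports whether the policy Whitehouse names is enabled on a machine and which legacy Control Panel plug-ins in System32 lack a valid Authenticode signature; the registry value names used are the standard ones backing those Group Policy settings, and the System32 directory is assumed as the location of the legacy plug-ins.

```powershell
# Added example: audit the UAC policy the article names and the Authenticode status
# of legacy Control Panel plug-ins (*.cpl) that RunLegacyCPLElevated.exe runs elevated.
# Read-only; run in PowerShell on Windows Vista or later.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyState {
    # EnableLUA                   : 1 = UAC is on
    # ValidateAdminCodeSignatures : 1 = "Only elevate executables that are signed and validated"
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop
    [pscustomobject]@{
        UacEnabled             = ($props.EnableLUA -eq 1)
        RequireSignedElevation = ($props.ValidateAdminCodeSignatures -eq 1)
    }
}

function Get-CplSignatureReport {
    # Assumption: legacy plug-ins live in System32 (override with -Directory if not).
    param([string]$Directory = "$env:SystemRoot\System32")
    Get-ChildItem -Path $Directory -Filter '*.cpl' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File   = $_.Name
                Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$state  = Get-UacPolicyState
$report = Get-CplSignatureReport

"UAC enabled: $($state.UacEnabled); signed-only elevation policy: $($state.RequireSignedElevation)"
# Plug-ins that do not meet the policy's intent: anything without a Valid signature.
$report | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

The report tells an administrator the policy's state and which plug-ins are unsigned or tampered; per the article, an enabled policy alone does not close the RunLegacyCPLElevated.exe prompt-spoofing issue, so the output is an inventory, not a guarantee.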