Microsoft downplays the issue

Feb 16, 2007 15:14 GMT

User Account Control (UAC) in Windows Vista is defective by design, because Microsoft has tried to strike a balance between security and convenience. The bottom line is that while UAC is Vista's watchdog over the operating system's key components, it can be bypassed, and Microsoft knows this. The issue is related to the admin approval mode in Vista that allows standard users to perform elevation of privileges.

"However, it should be noted that this functionality is primarily a convenience feature for administrators and not an explicit security boundary between processes that can be absolutely isolated. If an administrator performs multiple tasks on the same desktop, then malware may potentially be able to inject or interfere with an elevated process from a non-elevated process. Thus, the most secure configuration for Windows Vista is to run processes in two separate accounts, with only administrator tasks performed using an administrator account and all other tasks performed under the standard user account," said Jim Allchin, former Co-President of the Platform and Services Division.

Security researcher Joanna Rutkowska has confirmed the UAC vulnerability. The Windows Vista desktop is safeguarded by User Account Control and the Integrity Level mechanism. The problem is that Windows Vista permits processes running at different Integrity Levels to share the same desktop.

"One simple scenario of the attack is that a malicious program, running at Low IL, can wait for the user to open elevated command prompt - it can e.g. poll the open window handles e.g. every second or so (Window enumeration is allowed even at Low IL). Once it finds the window, it can send commands to execute…" revealed Rutkowska.

Mark Russinovich, a Technical Fellow in Microsoft's Platform and Services Division, has downplayed the issue, saying that implementation bugs in UAC are not considered security flaws.