Robert Paveza, a web application developer with marketing firm Terralever, has published a paper demonstrating a two-stage attack which he says allows malicious code to infect Vista systems even from accounts running under the limited privileges afforded by UAC.
The attack takes advantage of the fact that UAC permissions are somewhat porous, with programs able to ride on the coattails of other processes that are commonly granted higher privileges.
This is related to one of the flaws in UAC pointed out by security researcher Joanna Rutkowska in February. Rutkowska pointed out that the integrity levels (ILs) put into place by UAC are designed to allow certain breaches.
Under Paveza's attack, the malicious code would ride on seemingly innocuous software that could, in fact, run as advertised and without any elevated privileges needed, leaving the work of infection for later.
Microsoft in a statement downplayed the risk of the attack, pointing out that the attack requires significant user interaction and that not all users will have the privileges to authorize the malicious code.
However, Mark Russinovich, a Technical Fellow in Microsoft's Platform and Services Division, already answered all such criticisms back in February by explaining that UAC is not to be considered a security mechanism. Rather, it is a way of prompting developers to build more secure applications, he said.
For the full article