Windows 7 UAC Security Flaw

The User Account Control security feature has been changed quite a bit in Windows 7 to make it “less annoying” than it was in Windows Vista. Many users were that annoyed by the UAC in Windows Vista that they completely disabled that feature effectively eliminating the security benefits but getting rid of the annoyance.

Windows 7 has changed the User Account Control function quite a bit. UAC can now distinguish between third party software access and access from the Windows system. Windows 7 distinguishes between third party and system applications by checking for security certificates. If the process or application has a specific certificate it will not cause an UAC prompt to show up when the user or a process is changing system settings.

Several websites (IStartedSomething) mentioned a problem with the way UAC was implemented by default in Windows 7. It basically came down to the possibility to turn off UAC completely without user interaction. Long Zheng posted a proof of concept script on the website which turns off UAC in Windows 7 by running a series of keyboard shortcuts that are invisible to the user.

The problem here is that Windows 7 identifies changes to the User Account Control as a certified process which by design does not display an UAC prompt. This means it is possible to change the User Account Control level without user interaction including the possibility to completely disable UAC.