Long Zheng reports that there is a second security flaw in Windows 7 UAC:
>> Second Windows 7 UAC security flaw: malware can silently self-elevate with default UAC policy
Soon after writing my last blog post on the potential security vulnerability to autonomously disable Windows 7 beta’s UAC system, I had realized that flaw was just one piece in a string of dominoes that fell much earlier when the new tiered-UAC system was introduced in Windows 7.
In summary, a second UAC security flaw in the Windows 7 beta’s default security configuration allows a malicious application to autonomously elevate itself to full administrative privileges without UAC prompts or turning UAC off. A result I’m sure cannot be classified as “by design”.