User-Prompted Elevation of Unintended Code in Windows Vista
Short Description
the RunOnce registry key and perpetually run itself as an administrator. Conclusion. Circumventing Windows Vista’s User Account Control feature is not the …
Website: www.robpaveza.net | Filesize: 536kb
Content
User-Prompted Elevation of Unintended Code in Windows Vista
Overview
Windows Vista has implemented several new security features designed primarily to alert users to
potentially dangerous situations on their computers and prevent malicious software from accessing
critical system components. One of the features most touted by Microsoft, and perhaps the most
visible security addition to Windows Vista, is User Account Control (UAC), in which even computer
administrators do not run with full administrative privileges. This guards the user from potentially malicious
software by preventing processes from writing to system folders, such as %SYSTEMROOT%
and Program Files, as well as to the portions of the registry that are not user-dependent,
including the HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_CONFIG (HKCC) registry hives.
How UAC Functions
UAC, which is enabled by default, functions by “splitting” the
user’s security token so that the “Administrator” role is not
part of the user’s default security context (see Figure 1, right).
When an administrator starts a process, the standard user
access token is assigned unless the process is explicitly started
as an administrator, either by right-clicking on the program (or
its shortcut) and choosing…