Microsoft made some changes to UAC after the Windows community discovered a huge security flaw that allowed the UAC setting to be changed without the user knowing at all. These changes are applied in Windows 7 RC. But the guys over at OSNews still believe that UAC is insecure.

In order to decrease the number of UAC prompts in Windows 7, Microsoft gave some Windows apps and processes auto-elevated privileges that don’t trigger any UAC prompts. However, the downside of this is that these apps can be exploited to wreak havoc on the computer. A proof-of-concept exploit has been developed by injecting its code into the memory of a process with such apps that have special privileges. This is what Holwerda from OSNews has to say about UAC:

At this point in time, the default UAC level in Windows 7, and all levels below that, are insecure. You might as well turn UAC off completely, as it makes no difference to have it either off or at the default level. This entire flaw becomes null the moment you set UAC to its highest setting (as that disables auto-elevation).

You can read the entire article over at OSNews

Related posts:

1. Microsoft responds to UAC criticism in Windows 7 and fixes design flaws After much criticism towards a huge UAC security flaw discovered by the Windows community,…
2. Microsoft says UAC prompts in Windows 7 will be nearly a third fewer than in Vista Windows Vista’s UAC fiasco left a lasting impression on many as a good reason to…

. Read the rest at windows7center.com.