Windows 7 or serious defects. Microsoft is indifferent.

Security researchers have found a very serious defect in the User Account Control Function of Windows 7. Microsoft has understood the relevant information, but so far it still believes that there is no need to modify the unreleased Windows7 code.

According to foreign media reports, User Account Control is a security function introduced by Microsoft in the Windows Vista operating system to prevent the running of malware. Before allowing the application to continue running, the User Account Control function will remind the user to approve the operation of the application, but many users think it interferes with their normal operation.

Microsoft modified the User Account Control Function in Windows 7 of Beta to improve the user experience. The Enhanced User Account Control function has four different security levels, meaning that normal tasks can run normally without user approval.

However, when Microsoft modifies User Account Control, "do not pay attention" introduces another security defect. If you disable the User Account Control Function, you will not be reminded again. Security researchers said this means that malicious files in the future can also "quietly" turn off the User Account Control Function, making users mistakenly believe that the function is still running.

The security researchers explained that by default, the User Account Control feature is set to "notify me when the software tries to change the computer" and "Do not notify me when changing Windows Settings ". The User Account Control Function identifies third-party software and Windows Settings Based on the security certificate. All applications that modify Windows Settings carry a special Windows7 certificate. For example, the functions in the Control Panel contain such certificates, therefore, changing the system settings does not trigger the User Account Control Function.

The weakness of the User Account Control function is that modification to this function is also considered as "modifying Windows Settings" and will not remind users. Even disabling user control does not remind users.

To illustrate the severity of the problem, the researchers have also developed a concept verification code to "quietly" Disable the User Account Control function without the user's knowledge, this function can be activated after malicious code is loaded.
Some media reported that Microsoft did not think the problem was very serious. You can change the policy of the User Account Control Function to "always notify me" when this function is modified.

1. Windows 7 changed the "Pass-jumping" bad habits released in advance in 09
2. Microsoft's next-generation operating system Windows 7 exposure
3. 8000 the alliance where industry sites are located has been attacked by hackers and has not yet been fixed