Microsoft wins points with the tech community by reversing its decision to ignore a critical security flaw
By Jason Mick - February 6, 2009
DailyTech recently reported on how a critical security flaw found in the beta of Microsoft's upcoming Windows 7 OS could allow attackers to easily disable the integral User Account Control (UAC) security component and gain control of systems. The flaw was first discovered by Windows blogger Long Zheng, and was also independently detailed by blogger Rafael Rivera. The pair followed up with additional information yesterday on how the flaw could be used to give a malicious payload full execution rights. Microsoft's reaction to the flaw initially was to totally deny that it was a problem, choosing to instead refer to it as "by design". Microsoft has apparently listened to its community and customers, today announcing a swift and dramatic reversal on its UAC stance. Microsoft announced that it will implement the seemingly obvious solution to the problem. It will warn users before any changes to the UAC. Previously this was only done in safe mode. The change preserves Microsoft's certification system, which provides less irritating warnings, while now safeguarding the UAC.
Read more here -->Link
No comments:
Post a Comment