News Windows zero-day flaw bypasses UAC

Discussion in 'Article Discussion' started by CardJoe, 26 Nov 2010.

  1. duc

    duc What's a Dremel?

    Joined:
    9 Jan 2006
    Posts:
    48
    Likes Received:
    0
    Just wondering if this is one of the methods of information gathering used by AV companies; scour forums for hacks and then release a statement saying that they've discovered...
     
  2. KidMod-Southpaw

    KidMod-Southpaw Super Spamming Saiyan

    Joined:
    28 Sep 2010
    Posts:
    12,592
    Likes Received:
    558
    I don't have UAC on anyway, I feel sorry for Vista users.
     
  3. Reitau

    Reitau WizD Rawks

    Joined:
    21 Nov 2010
    Posts:
    128
    Likes Received:
    3
    Agreed, it's the most irritating feature of recent years. New customers of mine often think something is wrong with the computer and ask me to turn it off! Even when I try and scare them into keeping it they ask me to get rid.

    I've never used it on Vista or 7, I don't even have an antivirus (although I never recommend to customers running without one.)

    I can spot a virus or malware a mile away anyway!

    Alex.
     
  4. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    No idea, all my stuff is Javascript. Haven't investigated Powershell, on the basis that it appears to be a slightly worse version of just running Javascript under WSH. Windows has had really rather good scripting ever since JScript was introduced; I'm not sure why they felt the need to include another. No, wait, I see exactly why - because of unflattering comparisons with Linux, from Linux users who didn't know about WSH.

    So yes, there we have it - there is no reason for Powershell to exist, but it had to, because Linux users didn't know what WSH was. In conclusion: the world is doomed.
     
  5. leexgx

    leexgx CPC hang out zone (i Fix pcs i do )

    Joined:
    28 Jun 2006
    Posts:
    1,356
    Likes Received:
    8
    You normally knock the UAC setting down so it does not make the screen dark, as most systems seem to have a delay before the box pops up

    I would never disable UAC, as you'd just be running the XP way of security

    I have been seeing user-mode fake AV software (ThinkPoint) that does not seem to use UAC, stops programs from opening, could do combofix working on 64-bit OS as well
     
  6. Woodspoon

    Woodspoon What's a Dremel?

    Joined:
    10 May 2008
    Posts:
    502
    Likes Received:
    1
    OMFG!
    Seriously?
    You probably have loads and you don't even know it.
    Just because everything appears to be ok it doesn't mean there isn't anything just sitting there undetected, idle or just spreading stuff to other people.

    Seriously dude, get some protection, no matter how good you think you are something will always get past.
     
  7. Niftyrat

    Niftyrat Dremel overpriced like EA games

    Joined:
    15 Aug 2010
    Posts:
    95
    Likes Received:
    1
    Another day, another world-comes-to-an-end exploit found, no doubt it will be patched sharpish, the real question is what involvement would a user have in installing the exploit?
     
  8. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    faster than ophcrack.. just get in install your stuff and get out =]

    uac works well if you know how to use the task scheduler to run things at logon.. you'll never see the prompt unless it matters if you set it up right- uac should be all the way up in 7

    what's funny by default windows 7 uac is a joke to bypass.. it has safelists like notepad.exe and exploits have already impersonated those files to gain full admin rights.. turn it all the way up or off (dunno why anyone would do this.. but I'm sure they have their reasons)

    exploits happen and it's a pretty good exploit.. this is kind of a nightmare for system admins who have to deal with employees opening attachments or running things off usb sticks- hope they get it patched soon
     
  9. r4tch3t

    r4tch3t hmmmm....

    Joined:
    17 Aug 2005
    Posts:
    3,166
    Likes Received:
    48
    For you guys that say UAC is annoying because of your scripts, I'm sure there is a way of setting UAC to allow certain programs without asking. So if you're writing your own scripts I'm sure you are capable of setting UAC to ignore them. (Again assuming it's possible)
     
  10. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    you can always run a script as admin like this

    Code:
    ' The "runas" verb asks Windows to start the process elevated (UAC prompt)
    Set objSh = CreateObject("Shell.Application")

    objSh.ShellExecute "wscript.exe", "c:\Example\example.vbs", "", "runas", 1

    1,2,3 at end normal,minimize,hidden.. but anyone who writes would know this, that's why it kind of doesn't make sense to say uac is stopping me from writing my scripts

    course win 7 has a whitelist by default, but if you're running uac with a whitelist you might as well turn it off
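
Added example, not part of the original thread: a PowerShell check that maps the UAC policy registry values to the slider levels the posts above argue about (default with auto-elevation, no screen dimming, "all the way up", off). The function names `Get-UacLevel` and `Test-LocalUac` are hypothetical, and it assumes the three policy values are present in the registry, as they are on a stock install.

```powershell
# Added example (not from the thread). Function names are hypothetical;
# the registry value names are the standard Windows UAC policy values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # EnableLUA = 0 turns UAC off entirely (admins run with a full token).
    if ($EnableLUA -eq 0) { return 'Disabled' }
    # PromptOnSecureDesktop = 0 is the "do not dim the screen" setting.
    $desktop = if ($PromptOnSecureDesktop -eq 1) { 'secure desktop' }
               else { 'no secure desktop (screen not dimmed)' }
    switch ($ConsentPromptBehaviorAdmin) {
        0       { return 'Never notify: admins elevate silently' }
        2       { return "Always notify, $desktop" }
        5       { return "Default: Windows binaries auto-elevate, $desktop" }
        default { return "Custom policy value $ConsentPromptBehaviorAdmin, $desktop" }
    }
}

function Test-LocalUac {
    # Assumption: all three values exist; a missing value is read as 0.
    $p = Get-ItemProperty -Path $UacKey
    $level = Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    [pscustomobject]@{
        Level = $level
        # "All the way up": UAC on, always prompt, prompt on the secure desktop.
        AtTop = ($p.EnableLUA -eq 1 -and
                 $p.ConsentPromptBehaviorAdmin -eq 2 -and
                 $p.PromptOnSecureDesktop -eq 1)
    }
}

# Constructed sample values, one per configuration mentioned in the thread.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Read the live setting only when running on Windows.
if ($env:OS -eq 'Windows_NT') { Test-LocalUac }
```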
     
  11. tristanperry

    tristanperry Minimodder

    Joined:
    22 May 2010
    Posts:
    917
    Likes Received:
    41
  12. jimmyjj

    jimmyjj Minimodder

    Joined:
    20 Jul 2010
    Posts:
    663
    Likes Received:
    15
    UAC bugged me in vista for the first two weeks.

    After that I never noticed it and it has saved my arse more than once.
     
  13. Reitau

    Reitau WizD Rawks

    Joined:
    21 Nov 2010
    Posts:
    128
    Likes Received:
    3
    Well unless the remastered version of Terminator or Blade Runner comes loaded with a computer-created virus from an alternate future, or somehow you can get emailed a virus without an attachment, or eBay, iPlayer, 4OD or YouTube become infected I'm fairly safe!

    I've always said, do dodgy shiz get dodgy shiz on your PChizzle homez.

    Al3x.
     
  14. r4tch3t

    r4tch3t hmmmm....

    Joined:
    17 Aug 2005
    Posts:
    3,166
    Likes Received:
    48
    And what happens if bit-tech gets compromised? Still safe?
     
  15. Reitau

    Reitau WizD Rawks

    Joined:
    21 Nov 2010
    Posts:
    128
    Likes Received:
    3
    It's OK, the biggest problem on BitTech is the spammers, and the never-ending quest to reach the Relix.

    Alex.
     
  16. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    For those who say that UAC is useless, remember that it helped millions of users worldwide in preventing attacks. Exploits from plug-ins or other programs attacking the system fail to run, picture.jpg.exe is no longer a threat. Countless viruses stop functioning.

    OK, so what, a security hole was found, it will be fixed and voila.. now what. UAC is completely safe again. By the time the malware/virus-makers integrate this technique into their attack, which is actually hard and challenging by itself, Microsoft will release a patch. And don't assume that 100% of malware and viruses suddenly have the ability to do this. I am sure that less than 1% of malware/viruses will have it.

    Besides, we have an A/V to make things even more protected.

    UAC should not be disabled. In fact, I think Microsoft should have gone all in, and applied Linux style. You want admin? Get out the terminal (unless you use Ubuntu, now they have the dialog box for certain things).
    And for those who think that the Windows UAC dialog is stupid as you just click on Continue: remember that it's like this because you are ADMINISTRATOR. Not the real absolute one, but one. Any other non-admin users need to enter the user name and password of an admin-privileged account.
     
  17. bobwya

    bobwya Custom PC Migrant

    Joined:
    3 May 2009
    Posts:
    193
    Likes Received:
    1
    UAC is a joke - at least in UNIX (and clones) it is/was built-in from the start...
     
  18. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    This works because YOU ARE the one running it. Windows blocks this, including BAT files, from a program to do this. The only possibility is that the program moves your mouse, goes inside your folders and double-clicks on the file, all by knowing exactly where each folder and the file is located on your screen, and your window placements (Windows doesn't provide that information), and hopes that you don't move the mouse while it does this. So good luck.
     
  19. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    UAC is built-in from the start. It goes all the way down to the core of Windows.
    Remember, since Vista nothing is based on NT3. XP was the last OS that was based on NT3, where every version was just newer features and patches done on the NT3 kernel, with minor modifications to it.
     
  20. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    yeah it elevates a script.. if you ever tried to run a vbs script as admin without the scheduler, you'll see why this works.. most scripts are on a schedule anyhow, so task scheduler is perfect for running scripts you need done at a certain time/login

    you'll get the prompt, but that's what uac does.. maybe a way to add run as admin into the context menu for vbs files, but I never tried
     