Vista's User Account Control is not very trustworthy

User Account Control (UAC) in Vista is designed to detect untrustworthy programs based on a colour code in the UAC message to prevent such programs from gaining administrator rights if need be. But now, researchers at Symantec have found a way to subvert the system.

When calling administrator rights, the UAC displays different colours: executable files that are part of Vista are given a green UAC prompt; files that have been given a digital certificate by the vendor receive a greyish prompt, while unknown applications set off a yellow UAC dialogue.

As Symantec explains, the file RunLegacyCPLElevated.exe in Vista serves to execute even older system control components. They can be anywhere on the hard drive. Now, in one risk scenario a contaminant stores code in a directory for which the user has write access. Because the user has these rights, no warning message is issued.

The contaminant can then call this file by means of RunLegacyCPLElevated.exe. The user simply receives a green UAC prompt explaining that a Vista component requires greater rights. If the user is familiar with the colour scheme used in UAC prompts, he may simply rely on the scheme and give the contaminant administrator rights.

However, Microsoft has already [ticker:uk_85335 countered] that it does not view such flaws as a security problem because UAC messages do not offer any direct protection. It is therefore not clear whether there will ever be a patch for this.

See also:

• An Example of Why UAC Prompts in Vista Cant Always Be Trusted, entry in Symantec's security blog

(ehe)