Windows Vista UAC and UIPI fall short.

The potential for a Shatter Attack is still present in Vista, something you'd think was no longer possible.

A lower-privilege process can still enumerate the windows running in a session, get a handle to a window, and send it Windows messages, such as WM_KEYDOWN, even when that window belongs to a higher-privilege process.

So a low-privilege process could search all the windows, find, say, a CMD prompt running as administrator, and then send a bunch of keystrokes to it to execute an elevated command.

That's a big hole. 

Link to invisiblethings' blog: Running Vista Every Day!

