Thursday, 25 November 2010

Zero-day flaw allows an attacker to impersonate the system account and bypass UAC

Here’s a good example of why implementing standard user accounts isn’t enough to secure your desktop systems. Occasionally bugs are found in Windows that allow privilege escalation – or in other words, permit a standard user to elevate to a higher set of privileges.

One such flaw has recently been disclosed and is outlined by Sophos on their Naked Security blog. Additional layers of security, such as application whitelisting and antivirus should help to mitigate the threat, or alternatively you can implement the workaround outlined in the blog post.

Hopefully it won’t be too long before Microsoft provides a patch. Looking at the workaround outlined by Sophos, it looks like this hole should be relatively trivial to plug.

1 comment:

anil kumar said...

Intersting and beautiful blog lovely presentation thanks for sharing your windows vista We24support tech team are available 24/7 for repairs on computers, printers, laptops, desktops. Our tech team taken to new heights with our technician’s knowledge and 1-866-978-0799 Microsoft Windows Vista support