On 8/26/15 8:09 PM, vozzie (at) gmail (dot) com [email concealed] wrote:
> Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't
> accept the admission because it's not a remote vulnerability.
> Surprisingly Microsoft didn't accept the vulnerability because "UAC
> isn't considered a security boundary".
UAC is not a security boundary. It's purpose is to annoy users in order
to force vendors to fix their bad code:
> Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't
> accept the admission because it's not a remote vulnerability.
> Surprisingly Microsoft didn't accept the vulnerability because "UAC
> isn't considered a security boundary".
UAC is not a security boundary. It's purpose is to annoy users in order
to force vendors to fix their bad code:
http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users
/
--
Rich Pieri <ratinox (at) mit (dot) edu [email concealed]>
MIT Laboratory for Nuclear Science
[ reply ]