Win 7 UAC问题扩大 - 可被随意关闭

Win7之家（ www.win7china.com）：Win 7 UAC问题扩大 - 可被随意关闭

 还记得Windows 7 Beta中的UAC现Bug么？那是国外博客作者LongZheng发现的第一个UAC bug。恶意软件可以在默认UAC设置下通行无阻。而就在今天，LongZheng再次发表文章称，UAC的第二个Bug也已经被发现。这次的问题更严重。

LongZheng称这次恶意软件可以将自己的权限提升至超级管理员权限，而不会触发UAC，也不用关闭UAC。而事实上，恶意软件甚至可以悄无声息地关闭UAC。这对微软而言，可不是个好消息，对当前的Windows 7 Beta用户也不是什么好新闻，至少已经存在安全风险了。对此，他建议所有Windows 7 Beta用户将UAC级别设置为高以减少安全风险。

此前微软曾宣称这不是Windows 7的Bug，就是这样设计的。而问题严重到这个地步，估计微软会在后续放出补丁。

附部分原文：

Long Zheng of I Started Something has uncovered a flaw in Windows 7's UAC that means malware can elevate itself to administrator privileges. This news comes after a previously discovered flaw in Windows 7's new tiered UAC system that meant malware can disable UAC silently.

Zheng has stated "a second UAC security flaw in the Windows 7 beta's default security configuration allows a malicious application to autonomously elevate themselves to full administrative privileges without UAC prompts or turning UAC off", which is bad news for Microsoft. It is also bad news for all the people currently running the Windows 7 beta, leaving them with a security risk. Zheng recommends that, if you're using Windows 7 currently, set your UAC to High to reduce any potential problems. For more information on how to set the UAC level please read our UAC overview.
...