iTnews
  • Home
  • News
  • Technology
  • Software

Microsoft promises User Account Control fix

By Shaun Nichols
Feb 7 2009 8:06AM
Follow google news

Microsoft has agreed to fix the controversial User Account Control security setting in its Windows 7 operating system.

Jon DeVaan, Windows core operating system senior vice president, and Steven Sinofsky, senior vice president of Windows, said in a blog posting that Microsoft will increase the protection around the UAC component in the upcoming version of Windows.

The security of UAC became a hot topic with developers and early users of the operating system after a pair of researchers posted a proof-of-concept sample which was said to completely disable UAC protection without user notification.

Microsoft later responded to the reports, claiming that it was not a true security vulnerability and that a user would have to be already infected for the attack to work.

In the latest statement on the issue, however, Microsoft has apologised for the way the situation was handled.

"We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7," Sinofsky and DeVaan wrote.

"We want to continue the dialogue, and hopefully everyone recognises that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints expressed."

Sinofsky and DeVaan confirmed that the Release Candidate of Windows 7 will include two changes designed to shore up security around UAC.

The update will elevate the status of UAC to a high integrity process which requires an administrator-level account. Additionally, any changes to the UAC setting itself will require notification and user approval.

The updates to UAC appear to have addressed the complaints, but Sinofsky and DeVaan warned users that they would by no means bring total security to Windows 7.

"The feedback is that UAC is special because it can be used to silently disable future warnings if that change is not elevated, so to change the UAC setting an elevation will be required," the pair wrote.

"We also don't want to create a sense or expectation of security that is not there. You should still not download code and run it unless you trust the source."

Microsoft promises User Account Control fix

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
microsoftsecuritysoftwareuacuserwindows

Related Articles

  • Perth Airport to deploy 70 IT, OT systems for new terminal Perth Airport to deploy 70 IT, OT systems for new terminal
  • Apple rolls out new, AI-powered Siri Apple rolls out new, AI-powered Siri
  • iTnews State of Data & AI Breakfast comes to Sydney this July iTnews State of Data & AI Breakfast comes to Sydney this July
  • Defence says Palantir is "sandboxed" in its environment Defence says Palantir is "sandboxed" in its environment
Join our WhatsApp Channel

Partner Content

Why resilient communications are becoming critical infrastructure for modern enterprise IT
Promoted Content Why resilient communications are becoming critical infrastructure for modern enterprise IT
From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing
Take control of your connectivity with Telstra’s Adaptive Networks Centre
Partner Content Take control of your connectivity with Telstra’s Adaptive Networks Centre

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
CBA sends over a decade of data to the cloud as AI demand ramps

CBA sends over a decade of data to the cloud as AI demand ramps
HBF faces AI agent to members for first time

HBF faces AI agent to members for first time
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.