lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <55DF26C6.1020600@mit.edu> Date: Thu, 27 Aug 2015 11:03:34 -0400 From: Rich Pieri <ratinox@....edu> To: bugtraq@...urityfocus.com Subject: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host On 8/26/15 8:09 PM, vozzie@...il.com wrote: > Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't > accept the admission because it's not a remote vulnerability. > Surprisingly Microsoft didn't accept the vulnerability because "UAC > isn't considered a security boundary". UAC is not a security boundary. It's purpose is to annoy users in order to force vendors to fix their bad code: http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/ -- Rich Pieri <ratinox@....edu> MIT Laboratory for Nuclear Science
Powered by blists - more mailing lists