Windows flaw allows malware to bypass UAC

Windows users were today alerted to a new security vulnerability that can allow malware to carry out massive system changes.

The exploit takes advantage of a bug in the win32k.sys, part of the Windows kernel.

Due to the way it interprets a particular Registry key, the bug can allow malicious software to access the victim's PC by impersonating the Windows 'System' account.

The System account is designed for use by the operating system itself, and has the same privileges as an Administrator account. It is allowed almost unlimited access to all Windows components, giving rise to a severe security risk.

In Vista and Windows 7, the flaw can also be exploited to bypass User Access Control (UAC), the safety net that Microsoft introduced to prevent unauthorised users making major changes to a Windows set-up.

The flaw affects all versions of Windows from XP onwards, and was announced briefly on programming education site Codeproject.com, but has since been removed.

Writing on the Naked Security blog of anti-virus firm Sophos, Chester Wisniewski, explained:

"On its own, this bug does not allow remote code execution (RCE), but does enable non-administrator accounts to execute code as if they were an administrator."

No 'fix' for the flaw has been announced by Microsoft as yet, but Wisniewski provides instructions on a workaround that can help to keep systems secure in the meantime.