Microsoft lists UAC hack as malware

posted on July 30, 2009 by Maurice

As those involved in the Windows 7 community may know, Microsoft has failed to fix a crucial flaw in the User Account Control feature of the operating system: code injected into a specific whitelist of applications can make any application elevate silently. Leo Davidson released proof-of-concept code about a month ago that demonstrates the flaw by elevating a command prompt window through the whitelisted explorer.exe process.

The company stands by UAC in its final form, but they’re taking it a step further by using their own security software to block the program that demonstrates the exploit.

Today I happened to download the proof-of-concept zip file, and Microsoft Security Essentials greeted me with a nice dialog telling me that what I had just downloaded is malware, specifically HackTool.Win32/Welevate.A or HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures use to detect it, but I promptly recompiled the source code with the Visual C++ 10.0 toolkit in VS 2010 Beta and the application ran undetected. Not a very good solution if it really is hash-checking the specific binaries.
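Since the flaw hinges on the UAC prompt level and on which Windows binaries are whitelisted for silent elevation, a defender’s first question is what the machine in front of them is configured to allow. The following read-only audit script is an added example, not code from the post or from Leo’s proof-of-concept; it assumes PowerShell 3 or later and reads only the standard UAC policy values and the manifests embedded in System32 executables.

```powershell
# Added audit script, not code from the original post. Read-only: it reports
# whether this machine's UAC policy lets whitelisted Windows binaries elevate
# without a prompt, then inventories the System32 executables whose embedded
# manifest opts into that whitelist. Requires PowerShell 3 or later.

function Get-UacVerdict {
    param([int]$EnableLUA, [int]$AdminBehavior)
    if ($EnableLUA -ne 1) { return 'UAC disabled: admin processes start elevated' }
    # ConsentPromptBehaviorAdmin: 0 = never prompt, 2 = always prompt on the
    # secure desktop (Vista behaviour), 5 = prompt only for non-Windows
    # binaries (the Windows 7 default that makes the silent path possible).
    switch ($AdminBehavior) {
        0 { 'Elevate without prompting: every binary elevates silently' }
        2 { 'Always notify: Windows binaries prompt too, so the silent path is closed' }
        5 { 'Prompt only for non-Windows binaries: whitelisted binaries elevate silently' }
        default { "ConsentPromptBehaviorAdmin=$AdminBehavior: see the UAC policy docs" }
    }
}

# A binary declares membership in the auto-elevate whitelist in its embedded
# manifest; the tag is plain ASCII, so a byte search is enough for an inventory.
# The flag only takes effect for Microsoft-signed binaries in a secure location.
function Find-AutoElevateBinaries {
    param([string]$Directory = (Join-Path $env:SystemRoot 'System32'))
    $marker = [regex]'<autoElevate>\s*true\s*</autoElevate>'
    Get-ChildItem -Path $Directory -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $text = [System.Text.Encoding]::ASCII.GetString(
                            [System.IO.File]::ReadAllBytes($_.FullName))
                if ($marker.IsMatch($text)) {
                    [pscustomobject]@{ Path = $_.FullName; AutoElevate = $true }
                }
            } catch { }   # unreadable file: skip it rather than abort the audit
        }
}

$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Write-Host ('UAC state: ' + (Get-UacVerdict -EnableLUA ([int]$policy.EnableLUA) `
                                            -AdminBehavior ([int]$policy.ConsentPromptBehaviorAdmin)))

$whitelist = @(Find-AutoElevateBinaries)
Write-Host ("{0} auto-elevate executables found in System32" -f $whitelist.Count)
$whitelist | Format-Table -AutoSize
```

On a Windows 7 box at the default level the script reports the silent path as open and lists the whitelisted executables; setting the prompt level to “Always notify” (the Vista behaviour Leo observed) is the configuration change that closes it, independent of any antivirus signature.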

Leo and I (or Bryant) will update our respective pages as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s look at what’s going on here from a different angle. Microsoft says that the vulnerability is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed a potential explanation for this: that it is simply a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

  • This exploit was specifically named HackTool:Win32/Welevate.A (a quick Google search shows only three links: one is the aforementioned VirusTotal report, the second and third are a Microsoft encyclopedia entry).
  • This particular label applies only to this specific proof-of-concept.
  • A reasonable vulnerability assessment (“Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or some other internet-facing application is compromised. I covered the latter in an older post of mine where I explain how this flaw multiplies the available attack vectors.

Leo and Bryant contributed to this post.

Expression Studio 3 and DreamSpark: when?

posted on July 24, 2009 by Bryant Zadegan

DreamSpark is one of those relatively awesome, if only relatively well-known, initiatives from Microsoft. Yeah, plenty of people know about it, especially many up-and-coming developers who happen to be the intended audience, but there are also others who could easily benefit. I always manage to run into an IT or CS student who has no idea about DreamSpark until I tell them, and once they see it, it’s like a treasure trove of lightbulbs turns on in their mind.

For those who don’t know, DreamSpark throws free software at students (after verifying their student-hood, of course). I previously wrote about using DreamSpark to get and use a free OS in place of Vista over here.

Now, keeping the awesomeness of DreamSpark in mind, Expression 3 was only very recently released. A number of threads have popped up on the internet, with the most notable first result for me being this thread on Channel 8. Coupled with requests from other students I personally know as well as faculty from schools near the DC area (thanks for reading, guys!), I figured I’d look into it.

There’s good news, and there’s the news which isn’t exactly bad. I’ll spill the news which isn’t exactly bad first.

There’s no official target date on getting Expression Studio 3 up on DreamSpark, nor will it be available in July, nor is the target timeframe a certainty or guarantee. There; that’s the news which isn’t exactly bad.

The good news: the target timeframe is still before the point when classes start for many of you. The word, as given by a Microsoft spokesperson, is that a “target timeframe would be [the] end of August.”

If you can’t wait ‘til then, go grab Expression Studio 2 from DreamSpark right now. Otherwise, show some patience, be awesome, and grab Expression Studio 3 once it drops for you guys for free in a month. Cheers to dreamers at Channel 8 for holding out, and I’ll have an update for people once a specific date has been settled upon.

Rafael accidentally discovers Trident in Windows 7 E

posted on July 16, 2009 by Bryant Zadegan

Rafael Rivera, as he usually does, put a massive amount of research into discovering workarounds for downloading Internet Explorer on Windows 7 E. He found and posted a rather ingenious workaround for users stuck in Europe with Windows 7 E(U-gimped). The trick, which you can read over at Within Windows, definitely earns the “clever” label Rafael applied to it, but what Rafael didn’t mention is that Windows 7 (or at least Windows Media Player) still has the Trident rendering engine somewhere within the stripped OS. This means a number of things:

  1. Bad: Upgrading from Windows Vista to Windows 7 E shouldn’t be a problem whatsoever, despite what Microsoft may say. This, unfortunately, doesn’t do much for Microsoft’s image in Europe (unless Steven can come and tell us specifically why Windows Vista can’t be upgraded to Windows 7 E)
  2. Good: Windows really does rely on Trident for at least a few non-browsing-related functions, which makes sense given how useful HTML can be for creating a UI. It also gives a sense of validity to Microsoft’s claims with regards to the EU.
  3. Bad (for browser peddlers, Microsoft, and the user. Good for the EU): The EU, in its limited comprehension of how a browser works, might now use this as “evidence” of Microsoft being deceitful.
  4. Good: Your shiny new better-than-Snow-Leopard OS won’t be as gimped as you originally thought.

This also means that any applications which use Trident for rendering any HTML to present an interface to the user will still work without needing a browser, which means that application developers should still be happy.

You can catch Rafael’s guide here. While you’re at it, if you’re a native of an EU-governed state, please email them a few one-fingered salutes on behalf of the rest of the world.

Update: Paul would like to note that Microsoft has been “very upfront” about Windows 7 E having the Trident rendering engine. The fact is, Microsoft hasn’t really done a good job at pushing this note around, and given Microsoft’s other communication issues (again, noted by Paul), I’m inclined to say that the existence of Trident actually is news.

In fact, Microsoft also posted about it on their legal blog… in typical legalese. The official statement is:

Most importantly, the E versions of Windows 7 will continue to provide all of the underlying platform functionality of the operating system—applications designed for Windows will run just as well on an E version as on other versions of Windows 7.

To those of us who assume things in the most unrealistically general sense, “underlying platform functionality” includes Trident, but this by no means makes it obvious that Trident will still be in Windows 7 E, thereby proving Paul’s previous point about communication being a problem.

The Hotmail Team’s Supposedly New Features

posted on July 15, 2009 by Devin

The only problem… they aren’t new.

Reading through Paul Thurrott’s SuperSite Blog last week, it appears that Microsoft announced new integration of Windows Live Hotmail and Bing. While it’s fine and dandy for the two products to work together, they announced a feature that has existed since February. Heck, they even own up to it:

We announced in February that Windows Live was piloting a new feature unique to Hotmail we’re calling “quick add.”

They went on to say that they were adding Bing integration to the “quick add” feature (the currently available options for which can be seen to your right). In reality, nothing at all changed with this feature. Don’t get me wrong, this could be a very useful thing, but every single option that is there was there yesterday, and as I recall, has been for a long while. Obviously, before June it was powered by Live Search, but as far as I know, it has worked for the past month too.

Apparently, there’s not much new in the Hotmail department.

Why all this fussing over builds is meaningless

posted on by Bryant Zadegan

RTM! A few days ago, Long famously proclaimed that build 7600.16384 would be RTM (now retracted). Since then, another build has been compiled, and WZOR claims that this new build, 7600.16385, would be RTM. With this back-and-forth and soon-to-be-short-lived debate over which build will be released to manufacturing, I felt the need to drop by and remind people of a few things:

  1. RTM isn’t just this magical thing which is compiled and then immediately signed off. It takes roughly a week’s worth of testing (in the Windows world, at least; Shane Nokes, who has experience elsewhere, knows that Microsoft could sign a project off after only three days) before certifying that a build is worthy of RTM.
  2. 7600 will be RTM. Stop worrying about which compile of 7600 will be RTM; they only have very minor changes, if anything at all.
  3. There’s nothing new in these last few builds. There’s no new theme, no new components… nothing. What’s the point of worrying about which build is compiled if there’s literally no visible difference?

Of course, there’s much more to my little OP/ED here after the jump, so be cool and get to it.


Zune HD technically supports 1080p via Tegra [video]

posted on July 6, 2009 by Bryant Zadegan


No, it’s not a joke, but it’s not hands-down proof that Microsoft will allow it either. The Tegra platform is fully capable of 1080p playback (as you’ll hear after the jump, roughly two minutes into the video), and the Zune HD has already been outed as being built on the Tegra platform. Now, with this in mind, there are still a few things holding Microsoft back from enabling 1080p video playback on Tegra: the Zune HD likely won’t have the hard drive space to store more than a few movies in full 1080p resolution, nor is there much of a point in squandering space on a 1080p film and playing it back on a reduced screen. Storing 720p and scaling it down for playback on a smaller screen while on the move makes sense, but it doesn’t make sense to do this with massive 1080p video, especially when there isn’t even much of a perceived difference in quality when outputting both 720p and 1080p to a TV. Keep in mind as well that while Tegra’s power usage is awesomely low, playing 1080p video is still more energy-expensive than playing 720p, so 1080p will also reduce battery life. The benefit-versus-drawback balance isn’t in favor of 1080p, but at least it’s comforting to know that the Zune HD is capable.

The reason this matters, though, is that for those enthusiasts out there who want the capability to throw 1080p at their TVs from their Zunes, this may be nothing more than a quick hackjob to enable. If Microsoft decides to produce a high-capacity model down the road (say, 320GB), I also wouldn’t be surprised to see it officially enabled on the Zune HD by default.

As for the Tegra platform, I managed to run into two separate Tegra netbooks, one of which was throwing 720p video at a TV without any problems. Tegra itself is ridiculously tiny, and NVIDIA seems to be working quite hard to get deals with car manufacturers, smartphone makers, netbook makers, TV makers, etc. for the Tegra platform. The goal, basically, is to get Tegra embedded into anything in which it might possibly fit, which is to say, basically everything. Power usage is also amazingly low, which opens the gates for many applications.

Update: I’ve checked the specs for the two different Tegra systems-on-chip, and neither states support for 1080p. However, there’s clear confirmation in the video that at least one of the Tegra models is 1080p-capable, so who knows. Thanks go to @clubdirthill for sparking a desire within me to look into the matter.

More details on everything (including the size) can be found in my video of NVIDIA’s Tegra platform, which happens to be below the fold in both vanilla and HD YouTube form.


Quick look at HTC’s WinMo smartphones

posted on July 1, 2009 by Bryant Zadegan


HTC’s been a fan of Windows Mobile for their phones for a while now. Even though they’re going with Android on their newer phones (such as the Hero, which we ignored for the sake of this video), their current Windows Mobile offerings still make for awesome fun. In this run-through, I take a rather quick look at HTC’s current US-bound Windows Mobile phones:

  • Snap, coming out on two different carriers (and two different bands) with different looks for each carrier
  • S743, for those who don’t like touch screens but love their candy bars
  • Touch Cruise, basically a standard Windows Mobile touchscreen phone
  • Touch Pro 2, a touchscreen phone with a full horizontal keyboard and other ridiculous features
  • Touch Diamond 2, essentially the same as the Pro 2 but with the keyboard swapped for a higher resolution camera.

All of them are solidly built. The only downside to these phones (except for the Snap, which is subsidized by both T-Mobile and Sprint) is the price, but when you consider that HTC makes some of the best Windows Mobile smartphones around, that price might not be a bad business expense. Sadly, if you’re aiming for the Touch Diamond 2 or Pro 2 with hopes of using that front-mounted camera, consider moving to Europe; two-way video calling isn’t offered in the USA.

You can catch the vanilla YouTube and YouTube HD videos after the break.
