The company stands by UAC in its final form, but they’re taking it a step further by blocking the program that causes the exploit using their own security software.

Today, I just happened to download the zip file that causes the exploit when Microsoft Security Essentials greeted me with a nice dialog telling me that what I just downloaded is malware, specifically HackTool.Win32/Welevate.A and HackTool.Win64/Welevate.A (depending on architecture). While I’d agree that this can be considered a form of malware, it’s just a very bad way of dealing with the situation. However, Leo noted that Windows Defender in Vista did not detect this exploit, and Bryant confirmed that the same is true for Windows 7 (where the trick would actually work), so this seems to be exclusive to Microsoft Security Essentials.

It’s not clear what method the signatures take to detect it, but I promptly recompiled the source code under the Visual C++ 10.0 toolkit using VS 2010 Beta and the application ran undetected. Not a very good solution if it actually hash checks for the specific applications.

Leo, and I (or Bryant) will update our respective pages accordingly as we discover more. Bryant is seeking official word from Microsoft on what’s going on. Meanwhile, you can see the VirusTotal report here and grab the exploit here.

Update (~Bryant): let’s take a look at what’s going on here from a different approach. Microsoft says that the vulnerability here is not actually a vulnerability and is, in fact, by design. However, they’ve also classified Leo’s proof-of-concept as malware. Logically speaking, if a process whose sole purpose is to exploit a perceived vulnerability is marked as malware, then it’s reasonable to assume that the perceived vulnerability is indeed a significant problem. Basically, Microsoft contradicted themselves by listing the proof-of-concept as malware.

Update 2 (~Bryant): A friend of mine proposed one particular argument as a potential explanation to this issue, whereby this is a bug within Microsoft Security Essentials. The reasons I don’t believe this to be the case are:

• This exploit was specifically named as HackTool:Win32/Welevate.A (A quick googling shows only three links; one is to the aforementioned virustotal link, the second and third to a Microsoft encyclopedia entry.
• This particular label only applies to this specific proof-of-concept
• A reasonable vulnerability assessment (”Medium”) was applied to this particular proof-of-concept, which makes sense given that this security vulnerability in UAC is only really an issue if either a user runs a malicious application or if some other internet-facing application were to be compromised. I covered the latter in an older post of mine where I explain how this flaw essentially raises the vectors of attack many-fold.

Leo and Bryant contributed to this post.

Microsoft has an obsession with providing awesome deals for students. They also have a slight tendency to shoot themselves in the feet. This is a good amount of both, and thankfully (if you’re a student), it’s in your favor.

Microsoft created the DreamSpark program to give such awesome tools as Visual Studio 2005 and 2008 Professional Edition free to budding Computer Science and Information Technology students with a Windows Live ID. Now, here’s where the fun begins:

Sometime last year, Microsoft added Windows Server 2003 Standard Edition R2 licenses to the DreamSpark program. Even later, they added Windows Server 2008 x86 Standard Edition licenses. Coupled with Vijayshinva Karnure’s step-by-step guide to converting Windows Server 2008 into the ultimate desktop OS published in February of ‘08 on his MSDN blog, the non-technical masses now have themselves a fully functional, relatively-easy-to-configure OS that’s more powerful and more advanced than Windows Vista. Granted, “easy to configure” doesn’t mean “easier to configure than Windows Vista,” nor do you get to have the Windows Media Center, but there’s sadly always a price to pay for FREE. Given a choice between Windows Vista SP1 upgrade for ~65 dollars and Windows Server 2008 Standard Edition for free, which would you choose?

As for the steps provided, I’m not sure if the academic license of Windows Server 2008 allows for Hyper-V, so if you don’t care for Hyper-V support (as instructed in Vijayshinva’s post) or for running any virtual PCs, you can skip steps 1 and 10 on the guide.

The next question: Does Microsoft even support converting the server OS into a workstation/desktop OS? Yep, and not just because of Vijayshinva’s post, but that alone would be a justification for the following reason:

All opinions posted here are those of the author and are in no way intended to represent those of his employer. All posts are provided "AS IS" with no warranties, and confers no rights.

-Every MSDN, Technet, and other individual Microsoft employee blog.

Microsoft doesn’t endorse the opinions of its employees, but Microsoft does fully endorse any factual matters being discussed regarding its products, including step-by-step guides, support… anything of a non-opinionated nature which doesn’t involve compromising its products (like hex edits). Is this a technical loophole? Sure, but there’s a second, much better reason for Microsoft to support converting Windows Server 2008 into a desktop operating system: The “Desktop Experience” feature.

The Desktop Experience feature was added to Windows Server 2008 in part because of the absurdly high number of requests Microsoft received from small businesses running a server as someone’s desktop machine (plausible in smaller networks where extra server hardware would be cost-prohibitive). The process for turning Windows Server 2003 into a more desktop-worthy operating system was a bit of a pain, so the desktop experience feature was simply intended to make it a bit easier to implement this usage scenario. It’s fully supported by Microsoft.

Now here’s where the DreamSpark deal beats The Ultimate Steal: unlike The Ultimate Steal (which is limited to university students), high school students can also take advantage of DreamSpark. So, if you’re a student at just about any university or high school, go ahead and nab yourself a copy and save 65 dollars. This is probably the only thing available on DreamSpark which is highly relevant to people who aren’t developers.

(If Microsoft decides to take down the steps, which I highly doubt, you can catch the full instructions on converting Windows Server 2008 from a barebones server operating system to a desktop operating system after the break.)

from Vijayshinva Karnure’s MSDN blog:

1. Enable Hardware Virtualization

My workstation is a x64 machine with hardware virtualization capabilities. This means I can run Hyper-V on my machine. Even if your machine’s hardware supports virtualization it is most likely not going to be enabled by default. You have to enable it via your BIOS setup.

2. Install the latest Graphics and Audio drivers

Being a server OS Windows 2008 carries with it basic graphics and audio drivers. To utilize the full strength of your hardware ensure you install the latest drivers for both graphics and audio hardware. Only with the proper graphics drivers will you be able to enable the "Aero" experience on Windows 2008.

3. Desktop Experience Feature

The Desktop Experience Feature enables a bunch of stuff that is by default present on a desktop OS. Most importantly it includes Themes, Windows Media player and the Aero related features. You will have to enable it form the Server Manager. The "Turn Windows features on or off" / "Add remove windows components" has all been rolled into the Server Manager now.

Server Manager > Features > Desktop Experience

Installing the Desktop Experience feature does not enable them. You have to manually set them up.

4. Themes

To enable Themes you will basically have to enable the Themes Service. Again being a server OS it is not enabled by default.

Services.MSC > Themes

Set the start up type to Automatic

Enabling the Aero Theme.

For this go to Control Panel > Personalization >Theme and select Windows Aero

5. Search

Search is also disabled by default on Windows 2008. Searching is important for me as I use it a lot to find my emails. To enable search you will have to add the File Services Role via Server Manager.

Server Manager > Roles > File Services > Windows Search

Outlook relies on this search service.

6. Disable Shutdown Event Tracker

Since I am using it as a workstation I do not want to keep a track of all the Shutdowns. The Shutdown Event Tracker is the pop up that you get asking you for a shutdown reason. To disable it

Open mmc.msc

Add the Group Policy snap-in

Under Administrative Templates expand System

Set Display Shutdown Event Tracer to Disabled

7. Audio

For audio you need to enable the Windows Audio service. You do this by setting the startup type to Automatic.

Services.msc > Windows Audio

Ensure you have proper drivers for your audio hardware… for me the default driver was not enabling the headphones … it started working fine after I got the proper driver.

8. SuperFetch

As a workstation, enabling SupertFetch will give you that additional bit of responsiveness. The SuperFetch services is disabled by default and when you try to enable it you will most likely ge
t an error message "The operating system is not presently configured to run this application"

You will have to make two registry changes to enable this service. I basically copied them over from my Vista machine.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

EnablePrefetcher DWORD 3

EnableSuperfetch DWORD 3

9. Get a codec pack.

For media hungry buffs download a codec pack. This will ensure you can play all media files.

10. Enable Hyper-V

With Hyper-V you can run virtual machines on your workstation. This is useful if you want to run your tests on older OS versions. Enabling  Hyper-V is easy

Server Manager > Roles > Hyper-V

Remember you need a Hyper-V enabled Windows 2008 licence and also your hardware has to support virtualization.

Also If you are using an existing VHD it may ask you to re-Activate Windows as it detected hardware changes.

One good thing about Windows Server 2008 is that it no longer asks for the i386 folder like Windows 2003 while you enable features.