Microsoft responds to UAC criticism in Windows 7 and fixes design flaws

After much criticism towards a huge UAC security flaw discovered by the Windows community, Microsoft shocked everyone when they simply dismissed the security flaw by insiting it as “by design,” stating that it will remain intact in the final version of Windows 7. The problem was that UAC could be changed silently unless UAC was set at its highest setting. The easy solution suggested by the community would be to make UAC a special circmstance and to have Windows notify the user whenever the UAC setting was changed regardless of the current UAC setting.

Just when it seemed like all hope was lost, Microsoft recently announced that they would listen and deliver two changes to the Release Candidate:

• The UAC Control Panel will run in a high integrity process, which requires elevation
• Changing the level of the UAC will prompt for confirmation

Starting in Windows 7 RC, you will always be prompted when the UAC level is changed to prevent any malicious scripts from silently changing your UAC level and taking over your computer. For everybody using Windows 7 Beta Build 7000 right now, it’s strongly recommended to have your UAC set to the highest setting to ensure they are safe from any UAC vulnerabilities.

It’s a good sign that Microsoft is still quick to respond to the community’s complaints to address the operating system’s issues. I encourage everyone to continue using Send Feedback on any other flaws you may find so Microsoft can hear us out.

Related posts:

1. Is Windows 7′s UAC still insecure?
2. Huge Security Flaw in Windows 7 UAC
3. Security research team find unfixable Windows 7 hack