Microsoft Denies Security Issues

Two researchers have found a major security gap in Windows 10, and Microsoft has no plans to address it…

According to Laptop Magazine, two security researchers, Matt Graeber and Matt Nelson, found a security vulnerability in the Windows 10 User Account Controls (UAC).  The UAC function is to block unwanted programs and malware from executing.  However, the security issue involves how the SilentCleanup process can be leveraged to allow malware to bypass the UAC.  Graeber and Nelson outlined this flaw on the Enigmaox3 website; however Microsoft is denying the problem creates any kind of security gaps, as they do not categorize the UAC as a security feature.

If Microsoft does not see it as a security issue, then what exactly are the security researchers claiming?  First, the magnitude of the issue is the privilege rights within system itself.  The vulnerability allows malware to get into the SilentCleanup which works within the Disk Cleanup.  The SilentCleanup and Disk Cleanup run at the highest privilege, meaning if any kind of malware is given access, it can corrupt your entire system.  Graeber and Nelson suggested Microsoft decrease these rights, if they indeed have no intentions to fix the security holes.  By doing so, the amount of damage able to be done is reduced, if and when a malware attack takes place.

Now, to the root of the problem, how the malware actually gets into the system.  The Disk Cleanup creates a temporary folder filled with Dynamic Link Library (.DLL) files.  Since Windows gives users write-level access to this temporary directory, Graeber and Nelson discovered that any other .DLL could be dropped into this folder, and then run with the highest privileges.

So, if a user becomes a victim of a hacker dropping a malicious .DLLs file into their Disk Cleanup, they’re entire system will become infected.  I spoke with PC Matic’s Vice President of Cyber Security, Dodi Glenn, to determine what could be done to prevent infections, since Microsoft doesn’t plan to address the vulnerability.  He reported PC Matic as a valid security solution.  Here is exactly what Dodi had to say:

If you’re utilizing Windows 10, PC Matic proactively protects your computer from crippling executables and DLLs by scanning these files prior to execution. PC Matic features an intelligent whitelist technology, blocking any malicious DLLs and unknown applications from ever infecting your system.

There is an option to disable the UAC feature where this vulnerability is found.  Graeber and Nelson provide a step-by-step guide on how to do so; however, I will warn you, it appears to be rather complicated.

 1,650 total views,  1 views today

(Visited 1 times, 1 visits today)

12 thoughts on “Microsoft Denies Security Issues”

  1. I would saybthat 99% of computer users are ordiary folk who have very little if any of computer programs. Apart from switching on and launching the required programmes. In clude me in this a 75 year old former Engineer.
    So what has MSdone to upset the ‘ordinary’ customer or user.
    I remember many years ago at the start o the computer age logging in with DOS and trying to write short cuts in DOS.
    Then we had Windows 3 and then 3.1 and since then we have never looked back. Programmes have worked that have been designed for Windows, all nearly very well.
    There have been arguments since time began between Mac – Apple and some othe systems tha have since gone.
    I am into using Windows 10 and accept the updates as they come through – just as you turn of the computer. 35 the other night 3/4 hour to down load install. What were they — no idea- was it spying on me -no idea — am I worried — no — should I be ???
    Let me know it seems to be working ok and dong the things that I want, and have had no men with hoods outside the house.
    All the best

  2. This is just one of many “backdoors” that Microsoft has given their FedPig buddies to let them get into your computer any time they want without you knowing. OF COURSE they’re not going to patch it.

  3. Exactly why I will not get Windows 10. If I ever buy another computer it will be an Apple computer. I have had it with Microsoft and their garbage, like ME, Vista and from what I have heard and read Windows 10 sucks.

    1. Keith A. Lindsey, MBA

      @Rick: Rick, you should look into Linux Mint ( rather than buying a pricey Mac. I mean, if you want a Mac, that’s fine (it’s actually a cousin of Linux), but it’s also very expensive! Linux is free, though you can donate $20 to aid development.

      Oh, and contrary to popular belief, it’s not just for techies anymore! Very easy to use!

  4. Robert Fitzgerald

    No dude-Dave. Not all firewalls do that. Read the reviews on Tiny Wall. This gem (TW) over-rides windows firewall HOLES. Effectively giving control back to the user of just what programs can communicate to and from internet connections. You only need to find one root kit hidden inside of such program files as Intel Program Files to know and quickly learn Windows 10 firewall control is filled with holes, TW closes all holes unless approved by user. It’s free and it works.

  5. Great scare story to aid sales of PC Matic! But I rather think that any proprietary Internet Security program will already have this ‘security hole’ plugged!

    1. @Sheri:
      I would rather be safe than guess at what my anti virus software is or is not protecting. I had enough issues with Norton and McAfee that I changed to PD Matic. and my PC runs faster.

  6. Robert Fitzgerald

    I found a small yet powerful free Firewall which gives the power of choice as to what programs can and cannot access the net or net access the programs.
    This little gem is called “TINY WALL”.

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.