Windows 0-day thoughts and protection

News is currently making the rounds about a proof-of-concept malware that is able to bypass the User Account Control (UAC) of Windows Vista / Windows 7 without any user notification in order to gain privileged system access. In plain English: this exploit enables attackers to execute their malware as administrator.

There are two things to keep in mind. First, according to Microsoft, UAC was never meant to be a security measure; it is meant to ease the use of non-administrative accounts. Second, this is only a second-stage exploit, which means the malware has to sneak onto the system some other way first. By then it is too late anyway: with plain user rights it can already do everything it needs to (such as eavesdropping, stealing online account data, or sending spam). Additionally, privilege escalation vulnerabilities aren't really rare.

So while this PoC is no big threat by itself, we have of course added detection for it to protect Avira users. Avira products will warn of exploit attempts as EXP/EUDPoC.A.

Dirk Knop
Technical Editor