On 8/26/15 8:09 PM, vozzie@xxxxxxxxx wrote: > Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't > accept the admission because it's not a remote vulnerability. > Surprisingly Microsoft didn't accept the vulnerability because "UAC > isn't considered a security boundary". UAC is not a security boundary. It's purpose is to annoy users in order to force vendors to fix their bad code: http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/ -- Rich Pieri <ratinox@xxxxxxx> MIT Laboratory for Nuclear Science
