On 8/26/15 8:09 PM, [email protected] wrote: > Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't > accept the admission because it's not a remote vulnerability. > Surprisingly Microsoft didn't accept the vulnerability because "UAC > isn't considered a security boundary".
UAC is not a security boundary. It's purpose is to annoy users in order to force vendors to fix their bad code: http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/ -- Rich Pieri <[email protected]> MIT Laboratory for Nuclear Science
