By Fjodor on Feb. 14, 2007.
Seems MS has an answer for Joanna Rutkowska (her blog entry), with regards to the situation described in my last post.
Contrary to all statements leading up to the Vista relase, she quotes Mark Russinovich of MS as writing that UAC is not “a security boundary”, and thus that:
Because elevations and ILs donâ€™t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs.
So, not only is the much hyped security measures not reagarded as security measures by MS, and thus their failing to provide security is a non-bug.
Now isn’t that lovely?