It is really interesting to see: at the moment there seems to be a big race to find the first real Windows Vista vulnerability and to go public with it. I know that there are some reports out there claiming that they found THE single biggest issue in Vista. Let’s look at one of them:
http://www2.csoonline.com/blog_view.html?CID=32441 – the “vulnerability” in StickyKeys: Well, by replacing sethc.exe, you can make Vista launch an application other than StickyKeys when the Shift key is pressed five times. sethc.exe (the file you would have to replace) is located in the windows/system32 directory. In order to replace a file in this directory you have to be – administrator. So, if you are an admin on the box, what sense does it make to replace sethc.exe and wait until the user invokes StickyKeys… You could do whatever you want from this point on.
Let’s face it: when you are Admin of the box, you can do all sorts of bad things, and UAC does not prevent you from doing whatever nonsense you want to do. Therefore: all the so-called vulnerabilities where you have to be Admin in order to “exploit” them are nothing more than fuzz. If the attacker is Admin on your box beforehand, you have lost anyway. We have to make sure that he/she does not get to this state at all. Afterwards, the show is over.
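
A defender-side check of the premise above, added here as an example that is not part of the original post: it reports whether the current session is elevated, which principals the file ACL allows to modify sethc.exe, and whether the file still carries a valid signature. The variable names and the output layout are assumptions made for this example.

```powershell
# Added example: audit who can modify sethc.exe and whether it is still validly signed.
$path = Join-Path $env:SystemRoot 'System32\sethc.exe'

# Is this session running with the Administrators role enabled (i.e. elevated)?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Rights that let a principal alter the file, delete it, or rewrite its ACL or owner.
# Read bits are deliberately excluded so read-only entries do not match.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$acl = Get-Acl -LiteralPath $path
$writers = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $writeMask) -ne 0)
}

# Signature status of the file currently on disk.
# Note: older PowerShell versions may report catalog-signed system files as NotSigned.
$sig = Get-AuthenticodeSignature -FilePath $path

[pscustomobject]@{
    Path            = $path
    SessionElevated = $elevated
    Owner           = $acl.Owner
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
} | Format-List

'Principals with modify-capable access:'
if ($writers) {
    $writers | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    '  (none found in the ACL)'
}
```

Any non-administrative principal in the second list, or a signature status other than Valid on a current system, is the finding worth investigating.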