Potential security issue?

hexaae

Well-Known Member
Just wondering...
Since the tool runs elevated with admin rights, clicking on the task URLs (upgrade, www site etc.) may lead to security issues because the opening browser will inherit and go on the net with the same privileges (disabling also Protected mode for example with IE...). Then the user may navigate with the same browser window on malicious sites without warning... The same happens when new versions are found and you're asked to update through a web link...

Is it possible to make a medium-integrity child process to execute the links?

http://support.microsoft.com/kb/2278183
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682429(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/bb625960.aspx
 
Back
Top