Attack Windows Vista in just two steps

An American researcher has explained how to install malicious code on Microsoft's new operating system even if the user account is under the control of the UAC (User Account Control) feature.

Expert Robert Paveza of Terralever said the malicious code can hide in a harmless software and does not need to be used to install it on the system. " For example, when the user downloads the Pac-Man game version, the malicious code will silently perform its task at the back, " explains Paveza.

After that, it will initiate an executable program and can be saved in the Start menu. Users will click on the idea that they are opening the original, legal program.

This attack is related to one of UAC's errors that Joanna Rutkowska discovered in February. " Vista balances security and convenience, so both UAC and Protected Mode IE are easy. use but exist many holes , "Rutkowska commented.

However, Microsoft underestimates this risk because it considers that the exploit requires significant user interaction.