Is There an Even Bigger Security Hole in Windows 7's UAC?

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC . Well, that's just the prelude to a potentially even bigger security issue: according to Long Zhen of the I Started Something blog, Windows 7's "improved" UAC  can be disabled by malicious software that is coded for auto-elevation . Auto-elevation is a feature that enables software being run by Administrators to skip the annoying "do you want to run this program" prompt that has made Windows Vista's version of UAC one of its most controversial features , not to mention one of the "I'm a Mac" commercials' favorite targets . Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently. So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it: Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also ... (link)