Windows Vista Gets ActiveX Installer Service
Once again, Microsoft is bowing to pressure from businesses rather than thinking of possible security ramifications of the features they add to Windows Vista. This time Windows Vista gets an ActiveX installer service so that the controls can be installed on client workstations regardless of the permissions of the user logged in.
The new feature, called ActiveX Installer Service, will be fitted into the next public release of Vista to provide a way for enterprises to cope with the UAC (User Account Control) security mechanism.
UAC, formerly known as LUA (Limited User Account), is enabled by default in Vista to separate Standard User privileges from those that require admin rights to harden the operating system against malware and malicious hacker attacks.
However, because UAC will block the installation of ActiveX controls on Standard User systems, enterprise applications that use the technology will encounter breakages. ActiveX controls are objects used to enhance a user’s interaction with an application.
This sounds like an exploit that many will be salivating to take control of. While it remains to be seen just how vulnerable this “feature” is, the base description certainly leaves a lot to be desired. How long before a privilege escalation exploit is released?