Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Updates Jumped UAC Level


  • Please log in to reply
11 replies to this topic

#1 PresComm

PresComm

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 11:36 AM

Heya, just something I have been noticing across machines I fix for customers at work, and even on mine and my coworkers' machines, but...

Apparently, a recent Windows update(s) jacked UAC all the way up to the next-to-highest level. All machines involved have been Win7.

Anybody else notice this? I have a few candidate updates I believe may be the culprit, but have not had the time/posture today to thoroughly test them.

Just curious, given that two updates in the last batch actually broke the copy/paste function in AutoCAD 2015/2016. This looks to have been a bad batch of updates all around.

Edited by PresComm, 18 June 2015 - 11:39 AM.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 11:45 AM

It could have broken a GPO you apply on the systems. Do you apply every Windows Updates, or only the security ones?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 11:50 AM

GPO wasn't in use in all environments. There were personal machines affected as well. Can't say for my personal machines because, well, I am a Linux guy.

Typically, we install "Important" or "Critical" updates, that includes security and otherwise.

Not a big deal, or anything I am worrying about. I was just curious if anyone had seen the same issue. If they have, I wanted to see what updates they had installed just before the issue. Wanted to see if I could narrow down the candidate update pool a bit.

Edited by PresComm, 18 June 2015 - 11:50 AM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 12:06 PM

If it's indeed caused by a Windows Update, we should see something coming up in the next days. Were they updates part of the Update Tuesday?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 12:14 PM

Yes, they were, I was being prompted to reboot all day yesterday to install them, and I rebooted at the end of my day. I know that when I left UAC was at the lowest setting. When I came in today, it was at the next-to-highest setting. Confirmed that Windows Updates had been installed. The scenario was the same for my coworker and the disparate clients as well.

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 12:16 PM

Okay so it basically reset the UAC level to the default setting. I read it as it changed it to the highest level.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 12:22 PM

Yeah, not highest, but next-to-highest, or default.

I'll update if I get a chance to test the updates more or if I find someone else that has already found the answer.

Edited by PresComm, 18 June 2015 - 12:22 PM.


#8 Mike.Tech

Mike.Tech

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Drivin' all night my hands wet on the wheel....
  • Local time:10:22 PM

Posted 18 June 2015 - 01:00 PM

Anything to do with KB3045645 maybe

Update to force a UAC prompt when a customized .sdb file is created in Windows

 

Possibly reset the UAC?



#9 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,675 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:22 PM

Posted 18 June 2015 - 01:02 PM

What updates did you load?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#10 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 01:05 PM

Mike, I was able to fix the issue. I was just trying to track down which update may have caused it. KB3045645 hit my machine over a month ago, so I don't believe that would be the case. But thanks for the input.

#11 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 18 June 2015 - 01:10 PM

dc3, I suspected KB3065979, KB3064209, and KB3040272, as they hit my machine after the reboot yesterday. KB3058865 hit as well, but it is Microsoft SQL Server 2014 SP1, and I don't think any of the other the different computers I saw affected have SQL Server installed.

I also see KB890830 (Malicious Software Removal tool) in my update history, but not in appwiz.cpl. It is possible that could have done it.

Those are all the updates that dropped post-reboot yesterday.

Edited by PresComm, 18 June 2015 - 01:32 PM.


#12 PresComm

PresComm
  • Topic Starter

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 19 June 2015 - 11:43 AM

Just an update...

I saw this on another machine today. I will note that, on this machine and one other, the UAC slider didn't actually change at all, but the UAC problem was still there. The easiest way to confirm if UAC is the issue is to grab a file, like one of the "Sample Pictures", and try to copy/paste it to the root of the C:/ drive; if you receive a UAC prompt and hitting "OK" allows you to save, but trying to save, say, "test.txt" directly to the drive from within Notepad fails, UAC is to blame.

I ended up performing the usual fix, which was to manually move the slider to the default (next-to-highest) level, reboot, lower all the way down, and reboot again. This fixed UAC.

Just thought I'd throw that out there in case anyone decides to go by the graphical slider to decide if UAC is enabled/disabled. That slider is notoriously bad about lying.

Edited by PresComm, 19 June 2015 - 11:44 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users