There's no such thing as perfect security. A clever person or group can always find a way through or around obstacles to reach a goal. We're learning that again thanks to a security researcher who found a potentially dangerous feature buried deep in Windows.
This feature could let a hacker install malicious programs without administrator privileges or much chance of being stopped. It isn't clear when, if, or how Microsoft can patch this problem, and here's why.
The source of the problem is a core Windows program called Regsvr32, or Windows Registry Server, which is what links up DLLs, or library files, with the Windows Registry. It's a critical part of Windows, but it has a hidden feature no one realized was there.
Even worse, because of the way Regsvr32 works, it bypasses a lot of Windows' built-in security. In this case, this attack even bypasses Regsvr32's normal security against running things that can change the computer.
There is some good news, however. According to the security researcher, this works only if a hacker has physical access to the computer. It's also only the first stage of an attack that requires the smarts of a skilled hacker to do actual damage.
While this is going to be a big concern for big companies with lots of computers and employees, individual users aren't in much danger. It's always possible a hacker will figure out a way to take advantage of this remotely, but they would still need to trick you into downloading and running a program first.
As always, a good way to stay safe from most online threats is to avoid links and attachments in unsolicited or suspicious email. You should also change your account settings from administrator to standard, which keeps programs from installing without your permission.
Will Microsoft update Regsvr32 to minimize this risk? It depends on whether it thinks the risk of this type of attack outweighs changing a vital part of Windows and potentially breaking a lot of computers.
In either case, keep reading our Happening Now section for updates on this and other security risks. We'll also tell you when Microsoft releases new patches and how you can get them.