Первая уязвимость в Windows 7 RC

На support.microsoft.com опубликовано краткое описание первой уязвимости, обнаруженной в 32-хбитной версии Windows 7 Release Candidate.
Суть уязвимости заключается в некорректном наследовании прав доступа на папку, создаваемую в корневой директории системного диска.

Более подробно описание звучит следующим образом:
In the English version of Windows 7 Release Candidate (build 7100) 32-bit Ultimate, the folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor. One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail.

For example, if a folder is created under the root of the system drive from an elevated command prompt, this folder will not correctly inherit permissions from the root of the drive. Therefore, some specific operations, such as deleting the folder, will fail when they are performed from a non-elevated command prompt. Additionally, the following error message appears when the operation fails:
Access is denied.
Furthermore, the missing security descriptor entries protect non-admin file operations directly under the root.

http://support.microsoft.com/kb/970789
Обновление для устранения неисправности уже доступно в WSUS. Рекомендую всем техническим специалистам принять к сведению.