Microsoft won’t patch Windows registry warning problem
The attack was discovered by John Page, who goes by the name hyp3rlinkx. It focuses on the Windows registry, which is a database of configuration settings for software programs, hardware devices, user preferences and the operating system itself.
Users can make changes to the registry using the Registry Editor program that ships with Windows, but this isn’t something that non-power users would normally do. Messing with the registry can cripple your machine or introduce security risks.
In most cases, when a Windows user really must make changes to the registry, they’ll do it by clicking on a file with a .reg extension. These files, provided by a trusted third party, alter the registry without the user having to enter anything.
This is why a dialogue box appears when opening a .reg file, asking users if they trust the source and if they want to continue. It will then offer a ‘yes’ or ‘no’ choice.
Page’s attack changes that. In a document describing the process, he explains:
…we can inject our own messages thru the filename to direct the user to wrongly click “Yes”, as the expected “Are you sure you want to continue?” dialog box message is under our control.