The other change to be implemented in Windows 7 RC will effectively render moot the proof-of-concept attack that Rivera and Long published last week, which silently disables UAC. "That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working," DeVaan and Sinofsky said.

They didn't issue an apology for the dust-up, but said Microsoft had erred when deciding how to implement UAC in Windows 7. "We said we thought we were bound to make a mistake in the process of designing and blogging about Windows 7."

"We want to continue the dialog and hopefully everyone recognizes that engineering, perhaps especially engineering Windows 7, is sometimes going to be a lively discussion with a broad spectrum of viewpoints," they said.

One security professional praised Microsoft's move. "This goes back to what beta programs are supposed to provide, feedback from a real audience," said Andrew Storms, director of security operations at nCircle Network Security Inc.

"This was an obvious design flaw, and for them to say they simply weren't going to fix it, that was the real problem," Storms said. "I think they realized that they needed to do something, more over the concern about their reaction than to the vulnerability itself."