Conrad wrote: Sorry, we do not utilize a "piece of cake" approach.
Not a really friendly comment towards your customers.
If you don't like exploits in your application, you should treat them as such, and be honest towards your customers.
This is my last post here, I will recommend towards our security officer not to continue with your product, this text (not the post, will likely be deleted in minutes by admin), will be forwarded to them.
It is not fixed on Monday, do you realize you have released a mayor security breach, and are not solving it with the same urgency? I'm a developer, so I know solving this is really a peace of cake. Takes about 10 minutes to adapt your software.
I would urgently request to remove the message. I found when I press "Tell me more" and internet explorer session is started. With that "Local System" account I can do anything (starting explorer etc..) on that computer (via file > open in IE) without logging on!! This is a MAYOR security concern.