In a post on the firm’s Help and Support site, Microsoft said the problem affects the 32-bit (x86) English-language version of Windows 7 build 7100, which incorrectly sets access control lists (ACLs) on the root.
It’s unclear just how dangerous this bug could be but Microsoft has already issued a hotfix, available through Windows update.
The x64 version of Windows 7, however, seems to be unaffected.
“In the English version of Windows 7 Release Candidate (build 7100) 32-bit Ultimate, the folder that is created as the root folder of the system drive (%SystemDrive%) is missing entries in its security descriptor,” says the posting.
“One effect of this problem is that standard users such as non-administrators cannot perform all operations to subfolders that are created directly under the root. Therefore, applications that reference folders under the root may not install successfully or may not uninstall successfully. Additionally, operations or applications that reference these folders may fail.
“For example, if a folder is created under the root of the system drive from an elevated command prompt, this folder will not correctly inherit permissions from the root of the drive. Therefore, some specific operations, such as deleting the folder, will fail when they are performed from a non-elevated command prompt. Additionally, the following error message appears when the operation fails: Access is denied.”
“Furthermore, the missing security descriptor entries protect non-admin file operations directly under the root.”