Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [in] MS Windows Screensaver Privilege Escalation
From: "Curt Purdy" <purdy () tecman com>
Date: Wed, 24 Nov 2004 20:42:14 -0600

Matthew Walker wrote:
The Original Post is http://www.securityfocus.com/bid/11711

On Windows XP all releases, when you replace, or change the 
screensaver displayed on the login screen with a specially 
crafted version designed to execute programs, those programs 
are launched under the SYSTEM SID, IE: they are given 
automatically the highest access level available to Windows.  
This level is not accessible even to administrators.

<snip>

Nice find Mathew.  But this is amazingly bad.  Though I only run windoze as
a VM under SuSE, this has made me decide to shut the VM down rather than let
it run with a locked screen saver.  

My choice now is to either run it with such a short lock period that I will
constantly have to take time to log back in, or just shut it down every time
I leave my desk and restart the VM when I need it (less and less these
days).  I have chosen the later as the least time consuming. 

Amazing that M$ has decided to disregard the hole... no, more like a valley.
I can just imagine all the company crackers walking around with a trojaned
logon.scr on their USB stick looking for unattended boxes.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer 
DP Solutions

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]