| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 May 2008 23:33:58 +0200 From: <skyout.fd@...ed-security.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: [Wired Security/EOF] Disable Windows Defender(Vista) PoC code On Wed, 14 May 2008 13:49:35 -0700, "Peter Ferrie" <peter.ferrie@...il.com> wrote: >> my friend Izee from the EOF-Project(.net) team has coded a >> simple PoC code, that demonstrates how to disable the Windows >> Defender on Vista (tested with and without SPs on x86/x64) >> using its own API made for it. > > Does he realise that he must be Admin first? > Then he he can just disable the service, or delete the files, or whatever. > Using the API doesn't gain much here. > the thing is, that microsoft says, that ONLY SIGNED processes can do this, this is a lie, nothing more and in my oppinion this opens an attack vector and provides common insecurity... cheers, skyout ps: http://msdn.microsoft.com/en-us/library/bb762466(VS.85).aspx | read remarks _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists