| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 May 2014 11:13:23 -0400 From: Michael Cramer <mike.cramer@...look.com> To: "rai@...nmailbox.org" <rai@...nmailbox.org> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>, Stefan Kanthak <stefan.kanthak@...go.de>, Tavis Ormandy <taviso-1TlbntoI6+xF6kxbq+BtvQ@...lic.gmane.org> Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Can someone reference something more than a report on Windows Vista? UAC combined with standard user privilege combines the integrity system applied via UAC and standard reduced security permissions. UAC when the user has an Administrator token is a different beast and there are some known bypasses. However, requiring admin approval mode for all applications and all users, including local administrators, will go far. Integrity levels are applied via icacls just as security permissions. Sent from my iPhone > On May 22, 2014, at 4:59, rai@...nmailbox.org wrote: > >> On 2014-05-21 16:26, Stefan Kanthak wrote: >> 3. You think Windows' "user account control" is a security boundary. >> UAC is but NOT a security boundary: >> <http://technet.microsoft.com/magazine/2007.06.uac.aspx> > >> Microsoft tries to sell "defense in depth" to their customers since they >> started their "trustworthy computing" about 13 years ago. But they still >> create administrator accounts during Windows setup, CreateProcess() still >> has the idiosyncrazy to execute C:\Program.exe, and the WHQL certification >> still let drivers pass which execute C:\Program.exe during installation and >> operation. > > Microsoft has been clear on this point, even from Vista as an old Symantec report notes: > > "This message has been echoed by others at Microsoft in response to vulnerabilities being discovered in > UAC. Microsoft’s message is that UAC vulnerabilities are not considered security issues, as UAC does > not provide a security boundary." > > and they > > "observed that the User Account Control can be easily disabled manually... via the Local Security Policy tool included in Windows Vista." > > http://maker.fea.st/Symantec_Security_Implications_of_Windows_Vista.pdf > > (pg. 10 - more Microsoft references there) > > -- > rai > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists