[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <006301c8ec4b$7bc109d0$73431d70$@com>
Date: Tue, 22 Jul 2008 18:37:07 -0400
From: "Abe Getchell" <me@...getchell.com>
To: "'James C. Slora Jr.'" <james.slora@...a.com>
Cc: <bugtraq@...urityfocus.com>, "'Jim Harrison'" <Jim@...tools.org>
Subject: RE: Windows Vista Power Management & Local Security Policy
Correct. Power management in Windows Vista is apparently given a pass to
bypass local security policy, which is a bad thing, and sets a bad
precedence. I will leave it to others to exploit this security issue, given
that I know little about the programmatic aspect of power management in
Windows. There are people out there much more capable than me who, if they
feel it warranted, can research the issue further. I don't consider it, as
Jim Harrison would say, "wasting your time chasing things that 'might lead
to cats & dogs living together in sin'", but rather "security research" and
"sharing information". I don't consider Jim's reaction surprising at all,
though, as he works for Microsoft.
--
Abe Getchell
me@...getchell.com
https://abegetchell.com/
> -----Original Message-----
> From: James C. Slora Jr. [mailto:james.slora@...a.com]
> Sent: Tuesday, July 22, 2008 11:15 AM
> To: bugtraq@...urityfocus.com
> Subject: RE: Windows Vista Power Management & Local Security Policy
>
> So is this the bottom line?
>
> This is a security mechanism bug that might lead to privilege
> escalation
> for arbitrary user processes. The OP has left it for others to
> determine
> exploitability.
>
Powered by blists - more mailing lists