| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Jul 2008 18:37:07 -0400 From: "Abe Getchell" <me@...getchell.com> To: "'James C. Slora Jr.'" <james.slora@...a.com> Cc: <bugtraq@...urityfocus.com>, "'Jim Harrison'" <Jim@...tools.org> Subject: RE: Windows Vista Power Management & Local Security Policy Correct. Power management in Windows Vista is apparently given a pass to bypass local security policy, which is a bad thing, and sets a bad precedence. I will leave it to others to exploit this security issue, given that I know little about the programmatic aspect of power management in Windows. There are people out there much more capable than me who, if they feel it warranted, can research the issue further. I don't consider it, as Jim Harrison would say, "wasting your time chasing things that 'might lead to cats & dogs living together in sin'", but rather "security research" and "sharing information". I don't consider Jim's reaction surprising at all, though, as he works for Microsoft. -- Abe Getchell me@...getchell.com https://abegetchell.com/ > -----Original Message----- > From: James C. Slora Jr. [mailto:james.slora@...a.com] > Sent: Tuesday, July 22, 2008 11:15 AM > To: bugtraq@...urityfocus.com > Subject: RE: Windows Vista Power Management & Local Security Policy > > So is this the bottom line? > > This is a security mechanism bug that might lead to privilege > escalation > for arbitrary user processes. The OP has left it for others to > determine > exploitability. >
Powered by blists - more mailing lists