Message-ID: <20100217140412.1645.qmail@securityfocus.com>
Date: 17 Feb 2010 14:04:12 -0000
From: barkley@....net
To: bugtraq@...urityfocus.com
Subject: Circumventing Critical Security in Windows XP

Hi,


I've detailed below just how easy (too easy) it is to circumvent the security of the following critical security services. Thus can't now become can!

It goes without saying that malware on entering a system by whichever means, and on detecting critical security services, can now even more easily (automated/scripted) disarm critical security services, just by modifying unprotected registry entries, for whatever malevolent purposes.

I've created registry entries (I can send these to you should you be interested) to demonstrate just how easy it is to circumvent the security of these critical security services, which unfortunately is all too easily a very effective way of immobilising critical security functions i.e. firewall, antivirus etc. This in my opinion is certainly not a vulnerability nor a flaw so to speak, but rather a functional design oversight?

I've verified this against the following with success. After these registry modifications have been effected and the system rebooted, these critical services will be disarmed.

BlackICE
McAfee
Pointsec
ISS Proventia
ZoneAlarm

On successfully disarming these security services, one could also use the following to then further manipulate the drivers & services, by reconfiguring their startup parameters to 'manual' and not 'automatic', or just disable them altogether.

i.e. The following will reconfigure the startup parameters to 'manual' and not 'automatic' (default)
C:\>sc config VPatch start= demand
C:\>sc config BlackICE start= demand
C:\>sc config McShield start= demand
C:\>sc config McTaskManager start= demand
C:\>sc config McAfeeFramework start= demand
C:\>sc config Pointsec_start start= demand
C:\>sc config Pointsec start= demand


Cheers

Andrew Barkley
(-_-)
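
As an added example (not part of Andrew Barkley's post, and not code from any of the vendors named): a PowerShell audit script that reads the same registry value that `sc config <service> start= ...` writes, the REG_DWORD `Start` under `HKLM\SYSTEM\CurrentControlSet\Services\<name>` (0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled), flags any of the services listed in the post that are no longer set to Automatic, and lists ACEs on those keys that let a non-privileged principal write to them. The service names are the ones from the post; the assumption that all of them should be Automatic and the set of principals treated as privileged are illustrative choices for this example.

```powershell
# Added example, not from the original post. Audits the startup type of the
# services named in the post by reading the registry value that
# "sc config <svc> start= ..." modifies, then checks who may write that key.

# Service names exactly as they appear in the post.
$ServicesToAudit = @(
    'VPatch', 'BlackICE', 'McShield', 'McTaskManager',
    'McAfeeFramework', 'Pointsec_start', 'Pointsec'
)

# Meaning of the REG_DWORD "Start" under HKLM\SYSTEM\CurrentControlSet\Services\<name>,
# alongside the "sc config" argument that produces each value.
$StartTypeNames = @{
    0 = 'Boot'       # sc config <svc> start= boot
    1 = 'System'     # sc config <svc> start= system
    2 = 'Automatic'  # sc config <svc> start= auto
    3 = 'Manual'     # sc config <svc> start= demand
    4 = 'Disabled'   # sc config <svc> start= disabled
}

# Principals that are expected to hold write access on a service key.
# Assumption for this example; adjust to local policy.
$PrivilegedPrincipals = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
)

function Get-ServiceStartTypeFromRegistry {
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) { return $null }   # service not installed
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Start) { return $null }
    return [int]$props.Start
}

function Get-WeakServiceKeyAces {
    # Returns Allow ACEs on the service key that grant SetValue or WriteKey
    # to a principal outside $PrivilegedPrincipals: exactly what lets an
    # unprivileged process flip "Start" without calling the SCM.
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) { return @() }
    $writeBits = [System.Security.AccessControl.RegistryRights]::SetValue -bor
                 [System.Security.AccessControl.RegistryRights]::WriteKey
    (Get-Acl -LiteralPath $key).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $PrivilegedPrincipals -notcontains $_.IdentityReference.Value -and
        (([int]$_.RegistryRights) -band ([int]$writeBits)) -ne 0
    }
}

function Test-SecurityServiceStartup {
    param(
        [string[]]$Names = $ServicesToAudit,
        [int]$ExpectedStart = 2   # Automatic; assumption for this example
    )
    foreach ($n in $Names) {
        $start = Get-ServiceStartTypeFromRegistry -Name $n
        if ($null -eq $start) {
            [pscustomobject]@{ Service = $n; Start = $null; StartType = 'NotInstalled'; Status = 'skip'; WeakAces = 0 }
            continue
        }
        $status = if ($start -eq $ExpectedStart) { 'ok' } else { 'TAMPERED' }
        $weak   = @(Get-WeakServiceKeyAces -Name $n)
        [pscustomobject]@{
            Service   = $n
            Start     = $start
            StartType = $StartTypeNames[$start]
            Status    = $status
            WeakAces  = $weak.Count
        }
    }
}

function Repair-SecurityServiceStartup {
    # Puts a tampered service back to Automatic using the documented sc.exe
    # syntax (note the space after "start="), which is the inverse of the
    # "start= demand" commands shown in the post. Requires an elevated shell.
    param([string[]]$Names = $ServicesToAudit)
    foreach ($r in Test-SecurityServiceStartup -Names $Names) {
        if ($r.Status -eq 'TAMPERED') { & sc.exe config $r.Service start= auto }
    }
}

Test-SecurityServiceStartup | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; a non-zero `WeakAces` count on a key is the condition the post describes, a service whose startup can be rewritten by modifying "unprotected registry entries", while `TAMPERED` means the `Start` value already differs from Automatic. Reading `Start` from the registry rather than from `Get-Service` matters here because the registry value is what takes effect at the next boot, which is the moment the post says the services end up disarmed.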
