Open Source and information security mailing list archives
 
Message-ID: <416D3C03.3000902@secnetops.com>
From: kf_lists at secnetops.com (KF_lists)
Subject: EEYE: Windows VDM #UD Local Privilege Escalation

ISS would like to have you believe otherwise...  when I contacted them 
about the Local SYSTEM escalation in BlackICE we went in circles over 
the fact that I feel that taking local SYSTEM on a win32 box IS a 
problem and they don't. They tried to say some crap like "in all our
years in the industry we have never had a customer state that local 
windows security was a concern... blah blah (paraphrasing)". And 
something along the lines of "Windows is not a true multi-user system 
(like unix) so local escalation means nothing."

-KF

> Also, at least in MS Windows, it's my personal feeling that local
> privilege escalation issues (particularly escalation to kernel or system 
> status) should be critical issues.  Whether people can run arbitrary 
> code on MS Windows systems these days isn't an exercise for the mind 
> anymore, it's an exercise of "go look at your neighbor's computer and see
> that it's done regularly".
> 

