lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <A54506325BF6C74ABFBB7434F71661CF04742593@dnzakex1.datacom.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: MS Windows Screensaver Privilege Escalation

> 
> On Windows XP all releases, when you replace, or change the 
> screensaver displayed on the login screen with a specially 
> crafted version designed to execute programs, those programs 
> are launched under the SYSTEM SID, IE: they are given 
> automatically the highest access level avalible to Windows.  
> This level is not accessible even to administrators.
> 
> This flaw is important because while one would need Power 
> User privledges or above to change the Login Screensaver, by 
> default, any user with the exception of guest can replace the 
> login screensaver file with a modified version.  In theory, 
> any determined user could execute ANYTHING with SYSTEM 
> privledges.  A similar flaw exists in Win2K, but Microsoft 
> has ignored it.
> 

Interesting when read in the context of this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ