[<prev] [next>] [day] [month] [year] [list]
Message-ID: <78744869705CEF41A32C103C5C04F2200163A82E@phxexc1.dswa.net>
Date: Fri Dec 2 15:24:17 2005
From: ccarpenter at dswa.net (Christopher Carpenter)
Subject: Support_388945a0 account in Win XP/2003
Or more appropriately for the Windows security model, DISABLE the
account. That way you're not messing with default permissions, and the
account (and its associated SID) are there if you need them in the
future.
Or not.
Chris
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Aditya
Deshmukh
Sent: Thursday, December 01, 2005 10:09 PM
To: 'Raoul Nakhmanson-Kulish'
Cc: full-disclosure@...ts.grok.org.uk
Subject: RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
>
> > That is a "help and support account" that you should disable.
> > Also set very long random password and forget it.
> I prefer simply delete it. Good choice?
>
> But I heard a rumours that this account can be activated remotely
> without user's aware decision and used for Remote Assistance (e.g.
> capturing a screen and even controlling input).
I would not know about this unless I test it out, but from the top
of my mind : you have to start the service for something like this
Deleting it might cause problems "help and support"
just deny the account all kinds of privs and it would no longer matter.
________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists