lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 May 2014 08:32:24 +0000
From: rai@...nmailbox.org
To: Stefan Kanthak <stefan.kanthak@...go.de>
Cc: fulldisclosure@...lists.org,
	Tavis Ormandy <taviso-1TlbntoI6+xF6kxbq+BtvQ@...lic.gmane.org>
Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes
 rogue binary C:\Program.exe

On 2014-05-21 16:26, Stefan Kanthak wrote:
> 
> 3. You think Windows' "user account control" is a security boundary.
> 
> UAC is but NOT a security boundary:
> 
> <http://technet.microsoft.com/magazine/2007.06.uac.aspx>
> 

> Microsoft tries to sell "defense in depth" to their customers since 
> they
> started their "trustworthy computing" about 13 years ago. But they 
> still
> create administrator accounts during Windows setup, CreateProcess() 
> still
> has the idiosyncrazy to execute C:\Program.exe, and the WHQL 
> certification
> still let drivers pass which execute C:\Program.exe during installation 
> and
> operation.
> 

Microsoft has been clear on this point, even from Vista as an old 
Symantec report notes:

"This message has been echoed by others at Microsoft in response to 
vulnerabilities being discovered in
UAC. Microsoft’s message is that UAC vulnerabilities are not considered 
security issues, as UAC does
not provide a security boundary."

and they

"observed that the User Account Control can be easily disabled 
manually... via the Local Security Policy tool included in Windows 
Vista."

http://maker.fea.st/Symantec_Security_Implications_of_Windows_Vista.pdf

(pg. 10 - more Microsoft references there)

--
rai

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists