Interesting exploit. Although I think this might not be new. I fired up a somewhat old Windows XP VM I had to test it, and despite the fact that standard users had permissions to read&execute AT.EXE, they were still denied access. Same deal on my company workstation which is absolutely up to date. I'm assuming that may be due to a patch that came through at some point in the past? I just wanted to make sure so I know whether I need to act on this or not.
________________________________ From: [EMAIL PROTECTED] on behalf of Derek Harris Sent: Tue 8/1/2006 7:20 PM To: [email protected] Subject: [ActiveDir] OT: XP exploit Use GPO to prevent users from running the scheduler. Need to do a reg hack to block local accounts. http://www.projectstreamer.com/users/r0t0r00t3r/xp_priv_esc/xp_priv_esc. html List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
<<winmail.dat>>
