Hello.
Correct me if I'm wrong, but the use of programs that utilize direct disk
access (such as DiskProbe) is restricted to the Local Administrator
account (as per
http://www.microsoft.com/windows2000/guide/professional/solutions/manageme
nt.asp). If an would be attacker has this kind of access, he automatically
has the sufficient power (due to the existence of the recovery agent
certificate, unless the computer is part of a domain (but that's another
story) to decrypt any locally stored file.
Nevertheless good work. This particular behavior of handling .tmp files by
the EFS code shows some poor design on Microsoft's part.
Regards,
Alexander
-----Original Message-----
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of
Rickard Berglind
Sent: Friday, January 19, 2001 12:30
To: [EMAIL PROTECTED]
Subject: BugTraq: EFS Win 2000 flaw
I have found a major problem with the encrypted filesystem
( EFS ) in Windows 2000 which shows that encrypted files
are still very available for a thief or attacker.
<snip>
smime.p7s
