Matthew Walker wrote: > The Original Post is http://www.securityfocus.com/bid/11711 > > On Windows XP all releases, when you replace, or change the > screensaver displayed on the login screen with a specially > crafted version designed to execute programs, those programs > are launched under the SYSTEM SID, IE: they are given > automatically the highest access level available to Windows. > This level is not accessible even to administrators.
<snip> Nice find Mathew. But this is amazingly bad. Though I only run windoze as a VM under SuSE, this has made me decide to shut the VM down rather than let it run with a locked screen saver. My choice now is to either run it with such a short lock period that I will constantly have to take time to log back in, or just shut it down every time I leave my desk and restart the VM when I need it (less and less these days). I have chosen the later as the least time consuming. Amazing that M$ has decided to disregard the hole... no, more like a valley. I can just imagine all the company crackers walking around with a trojaned logon.scr on their USB stick looking for unattended boxes. Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA Information Security Engineer DP Solutions ----------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity zar Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
