So... once again... dumping admin privileges solves another security problem.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Friday, March 28, 2014 3:01 PM
To: [email protected]
Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)

If the logged on user has administrative privileges...

On Fri, Mar 28, 2014 at 11:46 AM, Rod Trent <[email protected]> wrote:
> One thing I'm not sure on in that...PowerShell runs in two modes, just like
> other apps and services: logged-on user and administrative user. They never
> mention in that article whether or not administrative rights are required for
> the malware to make those changes.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Friday, March 28, 2014 2:10 PM
> To: [email protected]
> Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)
>
> Very interesting, but not hugely surprising. A ubiquitous and very powerful
> scripting language is bound to be abused, and it's going to be difficult to
> guard against, especially for those with admin privileges.
>
> Kurt
>
> On Fri, Mar 28, 2014 at 10:22 AM, James Rankin <[email protected]> wrote:
>> http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-excel-files-infected-using-windows-powershell/
>>
>> --
>> James Rankin
>> ---------------------
>> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The
>> Virtualization Practice Analyst - Desktop Virtualization
>> http://appsensebigot.blogspot.co.uk

