Indeed :)
*ASB*
*http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>
*Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...*

On Fri, Mar 28, 2014 at 3:14 PM, Rod Trent <[email protected]> wrote:

> So... once again... dumping admin privileges solves another security
> problem.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Friday, March 28, 2014 3:01 PM
> To: [email protected]
> Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)
>
> If the logged on user has administrative privileges...
>
> On Fri, Mar 28, 2014 at 11:46 AM, Rod Trent <[email protected]> wrote:
> > One thing I'm not sure on in that...PowerShell runs in two modes, just
> > like other apps and services: logged-on user and administrative user. They
> > never mention in that article whether or not administrative rights are
> > required for the malware to make those changes.
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> > Sent: Friday, March 28, 2014 2:10 PM
> > To: [email protected]
> > Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)
> >
> > Very interesting, but not hugely surprising. A ubiquitous and very
> > powerful scripting language is bound to be abused, and it's going to be
> > difficult to guard against, especially for those with admin privileges.
> >
> > Kurt
> >
> > On Fri, Mar 28, 2014 at 10:22 AM, James Rankin <[email protected]> wrote:
> >> http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-excel-files-infected-using-windows-powershell/
> >>
> >> --
> >> James Rankin
> >> ---------------------
> >> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The
> >> Virtualization Practice Analyst - Desktop Virtualization
> >> http://appsensebigot.blogspot.co.uk

