On 3 Dec 2009 at 14:55, Murray Freeman wrote: > Yesterday, one of my users got infected with a trojan, and since all our > users are "restricted users", we were trying to figure out if perhaps the > computer's local administrator permissions allowed this to happen. It turns > out that a new profile was created named "XXXX" with administrative > permissions, So, my question is how can a virus/trojan create a user while > logged in as a restricted user?
There are obviously unpatched privilege-elevation vulnerabilities that allow the restricted-user account to run something with elevated privs, which then installs the trojan. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-----------------------------------+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
