Bugtraq mailing list archives
Re: Windows 2000 Run As... Feature
From: Camillo.Sars () F-SECURE COM (Camillo Särs)
Date: Tue, 25 Jan 2000 09:40:56 +0200
jdglaser wrote:
I'd like to add that MS Secure Attention Sequence is not exactly so trusted. Nothing prevents another Gina from being put into play, nor prevents process code injection - DLL API hooking.
This requires Administrator privileges, or the ability to act under the SYSTEM account. With such privileges, anything is possible. I wouldn't agree that this is a problem. The SAS is a guaranteed way of passing control to a SYSTEM process. Provided, of course, that your system has not been compromised, and that any other SAS implementations do not utilize non-privileged code. Regards, Camillo -- Camillo Särs <Camillo.Sars () F-Secure com> http://www.iki.fi/ged/ Researcher, Crypto Research http://www.F-Secure.com/ F-Secure Corporation (formerly Data Fellows Corporation) F-Secure products: Integrated Solutions for Enterprise Security
Current thread:
- Re: Windows 2000 Run As... Feature, (continued)
- Re: Windows 2000 Run As... Feature Jesper M. Johansson (Jan 24)
- Re: Windows 2000 Run As... Feature David LeBlanc (Jan 25)
- Re: Windows 2000 Run As... Feature Ben Russell (Jan 25)
- Re: Windows 2000 Run As... Feature Steve Wolfe (Jan 26)
- Re: Windows 2000 Run As... Feature Kenn Humborg (Jan 27)
- SAS behavior in Windows NT - RE: Windows 2000 Run As... Feature jdglaser (Jan 26)
- Re: SAS behavior in Windows NT - RE: Windows 2000 Run As... Feature Jesper M. Johansson (Jan 26)
- Re: SAS behavior in Windows NT - RE: Windows 2000 Run As... Feature Peter Berendi (Jan 27)
- Re: Windows 2000 Run As... Feature David LeBlanc (Jan 25)
- Re: SAS behavior in Windows NT - RE: Windows 2000 Run As... Feature David LeBlanc (Jan 26)
- Re: Windows 2000 Run As... Feature Jesper M. Johansson (Jan 24)
- Re: Windows 2000 Run As... Feature Camillo Särs (Jan 24)
- multicasts from hell Tim Yardley (Jan 25)
- Re: Windows 2000 Run As... Feature David LeBlanc (Jan 25)