Full Disclosure mailing list archives
Re: [Wired Security/EOF] Disable Windows Defender(Vista) PoC code
From: <skyout.fd () wired-security net>
Date: Thu, 15 May 2008 23:33:58 +0200
On Wed, 14 May 2008 13:49:35 -0700, "Peter Ferrie" <peter.ferrie () gmail com> wrote:
>> my friend Izee from the EOF-Project(.net) team has coded a simple PoC that demonstrates how to disable Windows Defender on Vista (tested with and without SPs on x86/x64) using its own API made for it.
>
> Does he realise that he must be Admin first? Then he can just disable the service, or delete the files, or whatever.
>
> Using the API doesn't gain much here.
The thing is, Microsoft says that ONLY SIGNED processes can do this. This is a lie, nothing more, and in my opinion this opens an attack vector and provides common insecurity...

cheers,
skyout

ps: http://msdn.microsoft.com/en-us/library/bb762466(VS.85).aspx | read remarks

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/