Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

From: rai () openmailbox org
Date: Thu, 22 May 2014 08:32:24 +0000
On 2014-05-21 16:26, Stefan Kanthak wrote:


3. You think Windows' "user account control" is a security boundary.

UAC is but NOT a security boundary:

<http://technet.microsoft.com/magazine/2007.06.uac.aspx>
Microsoft tries to sell "defense in depth" to their customers since they started their "trustworthy computing" about 13 years ago. But they still create administrator accounts during Windows setup, CreateProcess() still has the idiosyncrazy to execute C:\Program.exe, and the WHQL certification still let drivers pass which execute C:\Program.exe during installation and 
operation.
Microsoft has been clear on this point, even from Vista as an old Symantec report notes:
"This message has been echoed by others at Microsoft in response to vulnerabilities being discovered in UAC. Microsoft’s message is that UAC vulnerabilities are not considered security issues, as UAC does 
not provide a security boundary."

and they
"observed that the User Account Control can be easily disabled manually... via the Local Security Policy tool included in Windows Vista." 

http://maker.fea.st/Symantec_Security_Implications_of_Windows_Vista.pdf

(pg. 10 - more Microsoft references there)

--
rai

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: