|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Windows 2000 Run As... Feature
Subject: Re: Windows 2000 Run As... Feature
From: Camillo Särs (Camillo.Sars
F-SECURE.COM)
Date: Tue Jan 25 2000 - 01:40:56 CST
- Next message: Evil Pete: "Re: S/Key & OPIE Database Vulnerability"
- Previous message: Chan Wilson: "Re: majordomo 1.94.5 does not fix all vulnerabilities"
- In reply to: jdglaser: "Re: Windows 2000 Run As... Feature"
- Next in thread: David LeBlanc: "Re: Windows 2000 Run As... Feature"
- Next in thread: Steven Kastl: "Re: Windows 2000 Run As... Feature"
- Reply: Camillo Särs: "Re: Windows 2000 Run As... Feature"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
jdglaser wrote:
> I'd like to add that MS Secure Attention Sequence is not exactly so
> trusted. Nothing prevents another Gina from being put into play, nor
> prevents process code injection - DLL API hooking.
This requires Administrator privileges, or the ability to act under the
SYSTEM account. With such privileges, anything is possible. I wouldn't
agree that this is a problem.
The SAS is a guaranteed way of passing control to a SYSTEM process.
Provided, of course, that your system has not been compromised, and that
any other SAS implementations do not utilize non-privileged code.
Regards,
Camillo
-- Camillo Särs <Camillo.Sars
- Next message: Evil Pete: "Re: S/Key & OPIE Database Vulnerability"
- Previous message: Chan Wilson: "Re: majordomo 1.94.5 does not fix all vulnerabilities"
- In reply to: jdglaser: "Re: Windows 2000 Run As... Feature"
- Next in thread: David LeBlanc: "Re: Windows 2000 Run As... Feature"
- Next in thread: Steven Kastl: "Re: Windows 2000 Run As... Feature"
- Reply: Camillo Särs: "Re: Windows 2000 Run As... Feature"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Tue Jan 25 2000 - 14:09:37 CST