Windows Thread, Another Windows Exploit? in Technical; This may be old news.....
I have been made aware of an issue with Windows XP that may be used ...
-
25th November 2005, 02:25 PM #1 Another Windows Exploit?
This may be old news.....
I have been made aware of an issue with Windows XP that may be used by the herberts to get round some of the security tools loaded in the task bar.
If you open notepad and type in a few characters, then click "Start" and "Shutdown" the PC will start to shut down. When most is unloaded, the system will stop to ask if you want to save your notepad doc. If you hit cancel at this point the PC will return to normal with most of your tools unloaded. I have briefly checked this and it does work.
The main problems I see are for those running Securus (who are aware and are preparing a fix for their client), AV software or any monitoring tools e.g. VNC or Radmin. Your users can carry out the above at the start of a session and then run unmonitored for the rest of the time.
I don't know if this is preventable by AD/GPO as I am yet to get up to speed on that subject.
-
-
IDG Tech News
-
25th November 2005, 07:48 PM #2 Re: Another Windows Exploit?
VNC runs as a service here with the autorecovery stuff turned on. The tray icons might get nuked but the actual service keeps chugging along. Sophos is the same.
If you have tools that you need that only run in userspace you need to shout at your supplier to rewrite them as a nt service. Its the only way to be safe.
-
-
27th November 2005, 01:58 PM #3 
- Rep Power
- 0
Re: Another Windows Exploit?
Message Removed Due To Being Advert
Russell
Admin
-
-
28th November 2005, 07:42 PM #4 Re: Another Windows Exploit?
NetOp and similar suffer from the same problem - I remember a thread in the u.e.schools-it newsgroup about it. NetOp runs (at least partly) as a service but still manages to cop it when they do this.
-
-
28th November 2005, 11:14 PM #5 Re: Another Windows Exploit?
Yep ... they tried to sell it to us and I told them of the problem. They seemed surprised and said they would look into it. I said bugger off until it is fixed then.
3 months later, another call. "You have expressed interest in NetOp"
yep ... have you fixed the bug where students can kill it off?
"What bug?"
The fact that it doesn't run as a service, but as an application and can be killed by (method described above).
"Erm ... we'll look into that."
Please do ... and don't forget to call back when it is fixed.
-------------
3 months later
"You have expressed and interest in NetOp"
have you fixed the bug?
"What bug?"
----------
and this has been for over a year.
Guess who will be having fun at the demonstration at BETT :-D
-
SHARE:
Similar Threads
-
By Geoff in forum Windows
Replies: 1
Last Post: 6th December 2005, 08:54 PM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
Reply With Quote
