  1. #1
    secman

    Another Windows Exploit?

    This may be old news.....
    I have been made aware of an issue with Windows XP that may be used by the herberts to get round some of the security tools loaded in the task bar.
    If you open Notepad and type in a few characters, then click "Start" and "Shutdown", the PC will start to shut down. When most is unloaded, the system will stop to ask if you want to save your Notepad doc. If you hit cancel at this point the PC will return to normal with most of your tools unloaded. I have briefly checked this and it does work.
    The main problems I see are for those running Securus (who are aware and are preparing a fix for their client), AV software or any monitoring tools e.g. VNC or Radmin. Your users can carry out the above at the start of a session and then run unmonitored for the rest of the time.
    I don't know if this is preventable by AD/GPO as I am yet to get up to speed on that subject.

  2. #2

    Geoff

    Re: Another Windows Exploit?

    VNC runs as a service here with the autorecovery stuff turned on. The tray icons might get nuked but the actual service keeps chugging along. Sophos is the same.

    If you have tools that you need that only run in userspace you need to shout at your supplier to rewrite them as an NT service. It's the only way to be safe.
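
One way to check the setup described in the post above, as an added example that is not from the thread: it reads each agent's configuration with `sc.exe` and reports whether it is installed as a service, starts automatically, and has a restart recovery action. The service names are placeholders (assumptions), and the parsing assumes the standard English `sc.exe` output.

```powershell
# Added example: audit monitoring/AV agents for "runs as a service with
# auto-recovery". Service names are hypothetical; replace with your own.
$Agents = @('ExampleVncService', 'ExampleAvService')

function Test-AgentService {
    param([Parameter(Mandatory = $true)][string]$Name)

    $result = [pscustomobject]@{
        Name             = $Name
        Installed        = $false   # registered with the Service Control Manager
        AutoStart        = $false   # START_TYPE 2 (AUTO_START)
        Account          = $null    # account the service runs as
        RestartOnFailure = $false   # at least one RESTART recovery action
    }

    # Use sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
    $qc = & sc.exe qc $Name 2>&1
    if ($LASTEXITCODE -ne 0) {
        # Typically error 1060: no such service, i.e. the tool is not a
        # service at all and lives only in the user's session.
        return $result
    }
    $result.Installed = $true
    $result.AutoStart = [bool]($qc -match 'START_TYPE\s*:\s*2\s')

    $acct = $qc | Select-String 'SERVICE_START_NAME\s*:\s*(.+)$'
    if ($acct) {
        $result.Account = $acct.Matches[0].Groups[1].Value.Trim()
    }

    # Recovery actions appear as "RESTART -- Delay = N milliseconds."
    $qf = & sc.exe qfailure $Name 2>&1
    $result.RestartOnFailure = [bool]($qf -match 'RESTART\s+--\s+Delay')

    return $result
}

$Agents | ForEach-Object { Test-AgentService -Name $_ } | Format-Table -AutoSize
```

A row with `Installed = False` is a tool that exists only in the logged-on user's session. A clean result describes the service configuration only, so a product whose work is done partly in a user-session component still needs testing on a real workstation.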

  3. #3


    Re: Another Windows Exploit?

    Message Removed Due To Being Advert

    Russell
    Admin

  4. #4
    sahmeepee

    Re: Another Windows Exploit?

    NetOp and similar suffer from the same problem - I remember a thread in the u.e.schools-it newsgroup about it. NetOp runs (at least partly) as a service but still manages to cop it when they do this.

  5. #5

    GrumbleDook

    Re: Another Windows Exploit?

    Yep ... they tried to sell it to us and I told them of the problem. They seemed surprised and said they would look into it. I said bugger off until it is fixed then.

    3 months later, another call. "You have expressed interest in NetOp"

    yep ... have you fixed the bug where students can kill it off?

    "What bug?"

    The fact that it doesn't run as a service, but as an application and can be killed by (method described above).

    "Erm ... we'll look into that."

    Please do ... and don't forget to call back when it is fixed.

    -------------

    3 months later

    "You have expressed an interest in NetOp"

    have you fixed the bug?

    "What bug?"

    ----------

    and this has been for over a year.

    Guess who will be having fun at the demonstration at BETT :-D
