[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Circumventing Critical Security in Windows XP

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Circumventing Critical Security in Windows XP
From: anonym@xxxxxxxxxx
Date: 28 Feb 2010 00:18:04 -0000

administrator level doesnt matter much when we talk about antivirus/firewall 
softwares because nowadays they have a builtin protection that will try to 
prevent they get disabled, no matter what is the user access rights over the 
system. if the software can be disabled, then the flaw is in the software 
itself, and is indeed a vulnerability.

ps: on Windows XP users by default have admin rights when created, the standard 
user is member of the administrators group. On Windows Vista and later the 
standard user is admin too but the UAC forces the user to have "user level" 
rights. but demonstration code has been published to bypass this protection, 
then again that kind of modification (the modification did by the sc command 
reflects in the registry in the HKEY_LOCAL_MACHINE in which only admins can 
write data) will be possible.

Follow-Ups:
- Re: Re: Circumventing Critical Security in Windows XP
  - From: Jann Horn
- Re: Circumventing Critical Security in Windows XP
  - From: Ansgar Wiechers

Prev by Date: Re: Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0)
Next by Date: CONFidence 2010 /25-26 May/, CfP
Previous by thread: Re: Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0)
Next by thread: Re: Re: Circumventing Critical Security in Windows XP
Index(es):
- Date
- Thread