[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender(Vista) PoC code

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender(Vista) PoC code
From: <skyout.fd@xxxxxxxxxxxxxxxxxx>
Date: Thu, 15 May 2008 23:33:58 +0200

On Wed, 14 May 2008 13:49:35 -0700, "Peter Ferrie" <peter.ferrie@xxxxxxxxx>
wrote:
>> my friend Izee from the EOF-Project(.net) team has coded a
>> simple PoC code, that demonstrates how to disable the Windows
>> Defender on Vista (tested with and without SPs on x86/x64)
>> using its own API made for it.
> 
> Does he realise that he must be Admin first?
> Then he he can just disable the service, or delete the files, or
whatever.
> Using the API doesn't gain much here.
> 

the thing is, that microsoft says, that ONLY SIGNED processes can do this,
this
is a lie, nothing more and in my oppinion this opens an attack vector and
provides
common insecurity...

cheers,
skyout

ps: http://msdn.microsoft.com/en-us/library/bb762466(VS.85).aspx | read
remarks

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender(Vista) PoC code
  - From: Fredrick Diggle

References:
- Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender (Vista) PoC code
  - From: Peter Ferrie

Prev by Date: Re: [Full-disclosure] Geeks
Next by Date: Re: [Full-disclosure] Geeks
Previous by thread: Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender (Vista) PoC code
Next by thread: Re: [Full-disclosure] [Wired Security/EOF] Disable Windows Defender(Vista) PoC code
Index(es):
- Date
- Thread