Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking
- To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking
- From: Georgi Guninski <guninski@xxxxxxxxxxxx>
- Date: Tue, 6 Sep 2011 18:57:16 +0300
On Mon, Sep 05, 2011 at 07:50:51PM +0000, Thor (Hammer of God) wrote:
> Excellent points - one slight addition, though:
>
> >In fact, the Windows Script Host software is mostly used to write system
> >maintenance scripts,
> >so it's obvious its scripts can't be restricted or they'd be useless.
>
> Scripts can certainly be restricted based on the account context they are
> executed under. There is actually plenty one can do with "normal user"
> scripts, but as you've pointed out, many of the options admins require
> scripts for need escalated privileges. This is obviously by design, and it
> helps to keep admins aware of best practices when choosing to deploy
> solutions via scripting. There are, of course, many many other ways one can
> accomplish system maintenance in a more secure way such as WMI, PS (which can
> require signed scripts) and of course GPO and/or any other number of
> solutions.
>
> I thought it important to outline that since, in my experience with "real"
> admins, WSH is actually *not* used mostly for system maintenance per se, but
> for standard automation. Using scripts to perform actual administrative
> tasks/maintenance is just a bad idea to begin with.
>
you mean "to perform actual administrative tasks/maintenance"
``"real" admins'' just click with the mouse on the platform in this thread?
--
joro