Slashdot Mirror


Gaining System-Level Access To Vista

An anonymous reader writes "This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."

25 of 412 comments

  1. Cancel.... by FriendSite.com · · Score: 5, Funny

    Allow full root access

    Cancel or Allow...

  2. Is this how it was planned? by websters · · Score: 5, Funny

    A conversation amongst the developers:
    Dev 1: "You see - we can just rename the exe and then get the job done!"
    Dev 2: "Is there a risk?"
    Dev 1: "How? Users without sight or with limited vision will have a hard time getting to cmd.exe to rename it - dumbass!"

  3. Mastercard Ad by this+great+guy · · Score: 5, Funny
    • Getting Camtasia Studio to record your BackTrack & Vista sessions: free (you got the free trial version)
    • Downloading a James Bond music to put it in your flash demo: free (you have got crazy peer-to-peer skillz)
    • Showing the world the amazing things you can do with physical access to a box and that it takes you 60 long secs to painfully rename cmd.exe to utilman.exe: ...priceless
  4. Re:PANIC by jhdevos · · Score: 5, Funny

    Right... They should think of some system where the BIOS will only load code that was digitally signed somehow, so these atrocities are no longer possible. Personally, I will only feel safe when I know that Microsoft completely controls what goes on on my PC!

  5. Re:Long weekend... by Tubal-Cain · · Score: 4, Funny

    [badpun]Why not just call it a NIC like everyone else?[/badpun]

  6. Re:WTF? by urcreepyneighbor · · Score: 3, Funny

    You should look at "top" some time and see what pid number 1 is and who ran it.

    OMG! You h4x0r3d my box!

    My porn! My precious porn!!
    --
    "The fight for freedom has only just begun." - Geert Wilders
  7. Re:physical access == game over by debatem1 · · Score: 4, Funny

    Maybe if you did it to a Vista machine a decade ago, it would have.

  8. You silly people by Martian_Kyo · · Score: 3, Funny

    this is not a security hole
    this is a feature
    which helps you recover data after you forgot your password.

  9. Re:physical access == game over by Count+Fenring · · Score: 5, Funny

    I think we can all agree that any hack involving a time machine is newsworthy.

  10. Re:physical access == game over by Arivia · · Score: 2, Funny

    Sure there's such thing as a bit pregnant. It's a 2.

    --
    The role of the writer is not to say what we can all say, but what we are unable to say. -Anais Nin
  11. Re:physical access == game over by debatem1 · · Score: 4, Funny

    For a while, anyway.

  12. Re:physical access == game over by Kugrian · · Score: 5, Funny

    Face it, if an attacker already has physical access to a system -- to the extent that he can run his own Linux OS on it and mess with the contents of its disks -- then that computer is already, entirely owned. This is true for Linux, it's true for OS X, it's true for BSD, and it's true for Windows. That's just the way computers work.


    It's much much harder with Linux. First of all you have to work out how to lure the user out of their basement and away from their computer.
  13. Re:Oh... by Anonymous Coward · · Score: 1, Funny

    Remove the laptop hard disk? I have a MacBook Air you insensitive clod!

  14. Re:Long weekend... by WI2822 · · Score: 5, Funny

    maybe you should shop for a MAC over the weekend

    Do you know of any good MAC addresses?
  15. Re:physical access == game over by Anonymous Coward · · Score: 4, Funny

    Not all cripples are crippled all of the time. Sometimes they appear quite normal and then have "spak attacks" which renders them unable to function like real humans. In these cases it is imperative that they can activate sticky keys with their flailing limbs so they can save their work and exit gracefully (well, you know what I mean) from the program.

    Your ignorance and intolerance of cripples and mongs astounds me.

  16. Re:physical access == game over by Oktober+Sunset · · Score: 5, Funny

    I use a 26 char password on a laptop that locks every 5 minutes.

    Once you get used to it, it's not too annoying at all.

  17. Re:physical access == game over by deimtee · · Score: 4, Funny

    abcdefghijklmnopqrstuvwxyz ?

    --
    I'm guessing that wasn't on their radar screen...
  18. Re:physical access == game over by ConanG · · Score: 5, Funny

    No, it's
    qwertyuiopasdfghjklzxcvbnm

    but good guess!

  19. Re:Long weekend... by aproposofwhat · · Score: 2, Funny

    But my Mac-10 can spray lead faster than your Glock, so my machismo is quite fine, thank you :P

    --
    One swallow does not a fellatrix make
  20. Re:-1 Humorless Shill by dotancohen · · Score: 2, Funny

    n/t n/t TFS says that NT is not affected.
    --
    It is dangerous to be right when the government is wrong.
  21. Re:Long weekend... by dotancohen · · Score: 3, Funny

    maybe you should shop for a MAC over the weekend

    Why do people insist on putting Mac in all caps? Like it's some sort of acronym or something?

    Unless you were suggesting shopping for Media Access Control, in which case I apologize.

    No, he obviously meant this
    --
    It is dangerous to be right when the government is wrong.
  22. Re:physical access == game over by dotancohen · · Score: 3, Funny

    ...but I've found that users tend to have issues with anything that long. Depending on what they use, some women will take something that long to get their fix. There are _two_ industries in which the customer is called a "user".
    --
    It is dangerous to be right when the government is wrong.
  23. Re:Long weekend... by menace3society · · Score: 4, Funny

    c0:ld:de:ad:be:ef:15:f0:0d

  24. Re:physical access == game over by Anonymous Coward · · Score: 2, Funny

    and yet you call yourself 'Easy2RememberNick'

  25. Re:Long weekend... by CanisMajor · · Score: 4, Funny

    That's amazing. I've got the same combination on my luggage!