Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gaining System-Level Access To Vista

Posted by kdawson on from the seems-too-simple-somehow dept.

An anonymous reader writes "This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."

3 of 412 comments (clear)

  1. Re:ethics? by teh+moges · · Score: 0, Redundant

    Its a well known fact that Microsoft will not fix many security holes it finds until they have been made public. I'd much rather have them forced into releasing the patch soon, as opposed to a few black hat researchers knowing and exploiting this for many years until someone else publically posts the information.

  2. Re:physical access == game over by Mr_eX9 · · Score: 0, Redundant

    How does reinstalling the OS constitute a successful attack on an encrypted hard drive? The data doesn't stop being encrypted just because you put a new OS there. Unless you deleted the partition containing the data...but wouldn't that defeat the purpose of breaking into the system?

  3. Re:This could be useful by 54mc · · Score: 0, Redundant

    +1 insightful

    --
    Joy! Beautiful spark of the gods!