Slashdot Mirror


Gaining System-Level Access To Vista

An anonymous reader writes "This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."

4 of 412 comments (clear)

  1. Re:Physical Security by Anonymous Coward · · Score: -1, Troll

    Which explains why Windows 95, 98, NT, 2000, ME, XP, and 2003 are all not vulnerable to this attack.

    No, this is just yet another demonstration that Vista is, if anything, less secure than XP was and that the User Annoyance Crap didn't actually solve a damned thing. Which everyone should have realized by now.

  2. Re:Long weekend... by Anonymous Coward · · Score: -1, Troll

    maybe you should shop for a MAC over the weekend

  3. Re:physical access == game over by Anonymous Coward · · Score: -1, Troll

    My mother lured me out of her basement with a bag of Cheetos, and the promise of Natalie Portman and hot grits. But when I got to the top of the stairs, there were no Cheetos, there were no grits, and there was no Natalie Portman. Instead, there was my mother, yelling "Get a job, you dirty fucking hippie!"

  4. Re:physical access == game over by Anonymous Coward · · Score: 0, Troll

    Or, you could just pay for that software you've pirated. See, no more pesky activation dialogs. But of course being Slashdot, that means that it's noble to somehow stick it to Microsoft.