Bugtraq mailing list archives
Re: W2k: Unkillable Applications
From: Chad Loder <cloder () acm org>
Date: Mon, 16 Jul 2001 18:10:22 -0700
This does sound like a bug in the Task Manager, and maybe there are MINOR security implications in the fact that the Task Manager tells the administrator "This is a critical system process" when it's not...but the fact that the system administrator is trying to kill the process seems to suggest that he already knows otherwise. Had you reported this to Microsoft before posting, I'm sure they could have told you that an administrator can end system processes by right clicking on them and choosing "Debug" and then ending the process. There's a known bug in Win2k where this can result in a BSOD (it may have been fixed; on my Win2k SP2 system, it resulted in a console message saying "This system will shut down in 60 seconds", followed by a controlled restart). Not sure what happens when you have no just-in-time debugger installed. Let's see more vendor notification -- it can save the readers time, and chances are your "advisories" would at least have more helpful details in them. Chad Loder Rapid 7, Inc. chad_loder () rapid7 com At 09:59 AM 7/16/2001, you wrote:
You can now call you favorite trojan winlogon.exe and task manager will not only refuse to terminate it but will also incorrectly state that it is a critical system process.
Current thread:
- W2k: Unkillable Applications Thomas Zehetbauer (Jul 16)
- Re: W2k: Unkillable Applications Chad Loder (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- <Possible follow-ups>
- RE: W2k: Unkillable Applications Snow, Corey (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re: W2k: Unkillable Applications Justin Nelson (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re: W2k: Unkillable Applications Alun Jones (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re[2]: W2k: Unkillable Applications Phaedrus (Jul 17)
- Re: Re[2]: W2k: Unkillable Applications Bronek Kozicki (Jul 18)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re[2]: W2k: Unkillable Applications Dimitry Andric (Jul 17)