Full Disclosure mailing list archives

Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)


From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 13 Dec 2010 15:18:51 -0500

On Mon, Dec 13, 2010 at 2:13 PM, David Gillett <gillettdavid () fhda edu> wrote:
> If our users hadn't been local admins (not my choice), they would not have
> been able to eject Domain Admins from the Local Admins group in the first
> place....

Ouch! But at least it keeps the help desk calls down ;)

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com]
Sent: Monday, December 13, 2010 10:49
To: David Gillett; 'George Carlson'; bugtraq () securityfocus com;
full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached
Domain Admin Accounts (2010-M$-002)

You made all domain users local admin?  Or did you do some sort of RUNAS in
the logon script?

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Monday, December 13, 2010 10:16 AM
To: Thor (Hammer of God); 'George Carlson'; bugtraq () securityfocus com;
full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Flaw in Microsoft Domain Account
Caching Allows Local Workstation Admins to Temporarily Escalate
Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

If I take the domain admin out of my local administrators, they can't
do anything.  Done.

Back when I did AD/domain support, all domain user accounts got a
profile that included a trivial script to re-add Domain Admins to the
Local Admins group.  So this kind of local removal shenanigans lasted
only until the user next logged into the domain.

David Gillett


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

