Full Disclosure mailing list archives
Re: Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 5 Sep 2011 19:50:51 +0000
Excellent points - one slight addition, though:
In fact, the Windows Script Host software is mostly used to write system maintenance scripts, so it's obvious its scripts can't be restricted or they'd be useless.
Scripts can certainly be restricted based on the account context they are executed under. There is actually plenty one can do with "normal user" scripts, but as you've pointed out, many of the options admins require scripts for need escalated privileges. This is obviously by design, and it helps to keep admins aware of best practices when choosing to deploy solutions via scripting. There are, of course, many, many other ways one can accomplish system maintenance in a more secure way such as WMI, PS (which can require signed scripts) and of course GPO and/or any other number of solutions. I thought it important to outline that since, in my experience with "real" admins, WSH is actually *not* used mostly for system maintenance per se, but for standard automation. Using scripts to perform actual administrative tasks/maintenance is just a bad idea to begin with.

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/