Bugtraq mailing list archives
Re: Re[2]: W2k: Unkillable Applications
From: "Bronek Kozicki" <brok () rubikon pl>
Date: Wed, 18 Jul 2001 13:05:51 +0200
It appears that the Processes tab is doing a simple filename-based search, and the Applications tab isn't doing any search at all. (After all, the 'critical system processes' like Winlogon would never show up in the Applications tab in the first place, since they don't have top-level windows associated with them.)
Little mistake here. Winlogon _has_ top-level window, its just invisible. You may make it easilly visible with tools like showin.exe (you will find more such windows, most are in Explorer process). See Microsoft 01-007 security bulletin, how this can be exploited.
At the very, very least, the Task Manager should be making this check
based
on the full pathname of the process, not just the filename; an application running in C:\TEMP is highly unlikely to be a critical system process...
Agree. regards B.
Current thread:
- W2k: Unkillable Applications Thomas Zehetbauer (Jul 16)
- Re: W2k: Unkillable Applications Chad Loder (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- <Possible follow-ups>
- RE: W2k: Unkillable Applications Snow, Corey (Jul 16)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re: W2k: Unkillable Applications Justin Nelson (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re: W2k: Unkillable Applications Alun Jones (Jul 17)
- Re: W2k: Unkillable Applications Chris Adams (Jul 17)
- Re[2]: W2k: Unkillable Applications Phaedrus (Jul 17)
- Re: Re[2]: W2k: Unkillable Applications Bronek Kozicki (Jul 18)
- RE: W2k: Unkillable Applications Kaido Karner (Jul 17)
- Re[2]: W2k: Unkillable Applications Dimitry Andric (Jul 17)
- RE: W2k: Unkillable Applications Andy Cristina (Jul 17)
- RE: W2k: Unkillable Applications Toomas Kiisk (Jul 18)
- RE: W2k: Unkillable Applications David LeBlanc (Jul 19)