Full Disclosure mailing list archives
Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
From: Michael Cramer <mike.cramer () outlook com>
Date: Thu, 22 May 2014 11:13:23 -0400
Can someone reference something more than a report on Windows Vista? UAC combined with standard user privilege combines the integrity system applied via UAC and standard reduced security permissions. UAC when the user has an Administrator token is a different beast and there are some known bypasses. However, requiring admin approval mode for all applications and all users, including local administrators, will go far. Integrity levels are applied via icacls just as security permissions. Sent from my iPhone
On May 22, 2014, at 4:59, rai () openmailbox org wrote:On 2014-05-21 16:26, Stefan Kanthak wrote: 3. You think Windows' "user account control" is a security boundary. UAC is but NOT a security boundary: <http://technet.microsoft.com/magazine/2007.06.uac.aspx>Microsoft tries to sell "defense in depth" to their customers since they started their "trustworthy computing" about 13 years ago. But they still create administrator accounts during Windows setup, CreateProcess() still has the idiosyncrazy to execute C:\Program.exe, and the WHQL certification still let drivers pass which execute C:\Program.exe during installation and operation.Microsoft has been clear on this point, even from Vista as an old Symantec report notes: "This message has been echoed by others at Microsoft in response to vulnerabilities being discovered in UAC. Microsoft’s message is that UAC vulnerabilities are not considered security issues, as UAC does not provide a security boundary." and they "observed that the User Account Control can be easily disabled manually... via the Local Security Policy tool included in Windows Vista." http://maker.fea.st/Symantec_Security_Implications_of_Windows_Vista.pdf (pg. 10 - more Microsoft references there) -- rai _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe, (continued)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Reindl Harald (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Michal Zalewski (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Stefan Kanthak (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Reindl Harald (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Michal Zalewski (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Mario Vilas (May 21)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe coderaptor (May 22)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe rai (May 22)
- Re: Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe Michael Cramer (May 22)