WINNT security privilege escalation attack

From: Paul Knibbs <>
Date: Tue, 29 Oct 2002 08:29:09 -0000

Eric Howard said:

>>Microsoft, in my opinion, has committed a grave mistake in
the NTFS permission scheme for the WINNT directory. ANY user may create
file in this directory, even AFTER the C2 security rollups are applied.<<

I'm not sure what OS he's talking about, but I can attest that these are NOT
the default permissions set on either Windows XP Professional or Windows
2000 Server. On my XP Pro machine WINNT is writeable by Power Users and
Administrators, while normal users have only read and execute access.
Similarly, on a Win2K server I just checked out, Server Operators and
Administrators have write access, but again normal users can only read and

Paul Knibbs
Systems Administrator
3T Productions Ltd
T: 0161 492 1400 F: 0161 492 1401
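
One way to check the point under discussion on a given machine, as an added example that is not part of the original message: the PowerShell function below lists the allow entries on the Windows directory that grant the right to create files there. The function name `Get-DirectoryWriters` and the `$expected` SID list are assumptions made for this example.

```powershell
# Added example: list allow ACEs that let a principal create files in a directory.
# It reports grants only; deny ACEs and group nesting are not evaluated.
function Get-DirectoryWriters {
    param([string]$Path = $env:SystemRoot)

    # CreateFiles (same bit as WriteData) is the right needed to add a file.
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    # Generic rights can be stored unmapped in an ACE and show up as raw numbers.
    $genericWrite = 0x40000000
    $genericAll   = 0x10000000
    $writeMask    = $createFiles -bor $genericWrite -bor $genericAll
    $inheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Assumption: principals expected to hold write access (well-known SIDs).
    $expected = @(
        'S-1-5-18',      # SYSTEM
        'S-1-5-32-544',  # Administrators
        'S-1-5-32-547',  # Power Users (named in the message for XP Pro)
        'S-1-5-32-549',  # Server Operators (named in the message for Win2K Server)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to child objects, not to the directory itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        # Compare by SID so the check does not depend on localized group names.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value
        }

        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Expected  = $expected -contains $sid
        }
    }
}

Get-DirectoryWriters | Sort-Object Expected | Format-Table -AutoSize
```

Rows with `Expected` set to `False` are the ones to review; an entry for Users, Authenticated Users or Everyone there would match the behaviour described in the quoted claim.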
