RE: Windows station permissions, remote control programs,lower priviledge accounts
From: ATarasul@SpencerStuart.com
Date: 02/20/03
Date: Thu, 20 Feb 2003 09:30:08 -0600
From: <ATarasul@SpencerStuart.com>
To: <jim@essistants.com>, <focus-ms@securityfocus.com>
James,
The question is not about what can be done in a normally functioning program.
The question is that the core process is running as LocalSystem.
This means that if a buffer overflow is exploited on a connection attempt,
before authentication and before the thread is switched
to the authenticated account, the user will get LocalSystem access without
authentication.
Also (not completely sure about this one), if a lower-privilege authenticated
user running the remote control program is able to run RevertToSelf, he
might get LocalSystem privileges.
The scope of this question is not only about remote control programs - it
should be a question of why ANY service needs to be running as LocalSystem
or an Administrator account.
-----Original Message-----
From: James Kelly [mailto:jim@essistants.com]
Sent: Wednesday, February 19, 2003 6:08 PM
To: 'Lee, Alex (NHQ)-EDS'; Tarasul, Alexander;
focus-ms@securityfocus.com
Subject: RE: Windows station permissions, remote control programs,lower
priviledge accounts
Question, when you Shift-Right-Click, and run something as another user,
how does that affect how it is logged?
Jim
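
The closing question in the reply above (why any service needs to run as LocalSystem or an Administrator account) can be turned into an inventory check. This is an added example, not part of the original thread: the function name Get-ServiceAccountRisk, the tier labels and the sample service entries are constructed for illustration.

```powershell
# Added example: classify services by the account their process token comes from.
# Any code in the service that runs before impersonation (for example, handling a
# connection prior to authentication) executes with this account's rights.
function Get-ServiceAccountRisk {
    [CmdletBinding()]
    param(
        # Any object shaped like Win32_Service: Name, StartName, State, PathName.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Service
    )
    process {
        $account = [string]$Service.StartName
        # switch -Regex is case-insensitive; first matching tier wins.
        $tier = switch -Regex ($account) {
            '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'          { 'High: LocalSystem'; break }
            '^NT AUTHORITY\\(LocalService|NetworkService)$' { 'Low: built-in reduced account'; break }
            '^NT SERVICE\\'                                 { 'Low: per-service virtual account'; break }
            '^$'                                            { 'Unknown: no account reported'; break }
            default                                         { 'Review: named account, check admin group membership' }
        }
        [pscustomobject]@{
            Name    = $Service.Name
            Account = $account
            State   = $Service.State
            Tier    = $tier
            Path    = $Service.PathName
        }
    }
}

# Constructed sample inventory so the script also runs off a Windows host.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleRemoteCtl'; StartName = 'LocalSystem';                 State = 'Running'; PathName = 'C:\Program Files\Example\rcsvc.exe' }
    [pscustomobject]@{ Name = 'ExampleBackup';    StartName = 'EXAMPLE\svc-backup';          State = 'Running'; PathName = 'C:\Program Files\Example\backup.exe' }
    [pscustomobject]@{ Name = 'ExampleTime';      StartName = 'NT AUTHORITY\LocalService';   State = 'Running'; PathName = 'C:\Program Files\Example\time.exe' }
    [pscustomobject]@{ Name = 'ExampleAgent';     StartName = 'NT AUTHORITY\NetworkService'; State = 'Stopped'; PathName = 'C:\Program Files\Example\agent.exe' }
)

# On Windows, read the live service list; elsewhere fall back to the sample.
$inventory = if ($env:OS -eq 'Windows_NT') { Get-CimInstance -ClassName Win32_Service } else { $sample }

# Running services that are not on a reduced-privilege account, worst tier first.
$inventory | Get-ServiceAccountRisk |
    Where-Object { $_.State -eq 'Running' -and $_.Tier -notlike 'Low*' } |
    Sort-Object Tier, Name |
    Format-Table Name, Account, Tier, Path -AutoSize
```

Services in the High tier that accept network connections are the ones where the pre-authentication exposure described in the reply applies; entries in the Review tier still need a separate check of whether the named account is a member of the local Administrators group.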