Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: RCC (rcc76@hotmail.com)
Date: 08/23/02


From: "RCC" <rcc76@hotmail.com>
Date: Fri, 23 Aug 2002 19:35:16 +1200


"Sam Simpson" <sam@samsimpson.com> wrote in message
news:pan.2002.08.22.20.18.03.167536.1730@samsimpson.com...
> On Wed, 21 Aug 2002 11:56:27 +0100, HC wrote:
>
>
> >> I'd say the only real issue with this "feature" is Terminal Server
> >> services in user mode. You will not allow users to log on locally on
> >> your servers other than terminal server (I know, IIS, but this is not
> >> a CONSOLE login therefore users cannot get the tools to it); if the
> >> user takes over the workstation, this is only a local machine issue,
> >> which does not compromise a well secured (layered) network.
> >
> >
> > I agree whole-heartedly w/ RCC's comment. Thor of HammerOfGod.com
> > pointed this out as well...this particular vulnerability requires that
> > malicious code be injected onto the target system and executed in some
> > manner. "Defense in depth", layered security mechanisms _should_
> > greatly assist in protecting the system...if they're employed. And in
> > my experience, it's much easier to set up those mechanisms on a pure MS
> > infrastructure than on a heterogeneous one...
>
> Right, so a user can get an Outlook worm or whatever that executes in the
> context of the logged in Terminal Server user, obtains elevated
> privileges by exploiting this message attack and then ownz a box that is
> holding 200 concurrent users. Windows mainframe my arze.
>
> You have to make the assumption that users will be stupid in their
> actions - but the system should protect itself (and the other 199 users)
> against these actions.
>
> I wouldn't mind so much if Microsoft offered "security in depth" - but
> instead they offer insecurity in depth - every layer of Microsoft's
> implementation from KMD's, IP stack, core OS, additional services and
> applications all consistently have very poor security track records and
> are all coded with a blatant disregard for basic Security Engineering
> principles.
>
> Having another application executing malicious code as a result of a
> standard OS provided "IPC" is simply unbelievable.
>
>
> The funny parts are:
>
> a) Microsoft claims this is a "known feature" of Windows and not a
> particular flaw with Windows but rather a failing of the application. Of
> course, <SARCASM> it's easier to fix each and every application rather
> than produce an OS that supplies robust and secure primitives.</SARCASM>.
>
> b) I don't run Windows.
>
> --
> Regards,
>
> Sam Simpson
> http://www.samsimpson.com/

Oh well, they always refer to any bugs as "undocumented features"
:o)

Regards,
RCC


