Security Question

From: Paul Montgumdrop <Paul@xxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2008 13:17:52 -0400

Anyone out there know about this?

<copied from a poster>

Even if it never happens, if there is two users logged in at the same
time, one is admin and has open a window, the other user can take
advantage of the open window that the admin uses and do everything an
admin would be able to do, as microsoft don't check from whom a command
comes, it just assumes that the user who uses the window is the one who
is logged into that session where it's displayed. There is a fix for
this, but requires a rewrite of explorer and make all GUI using
application to not work.
.

Follow-Ups:
- Re: Security Question
  - From: Alun Jones

Prev by Date: Credential Manager
Next by Date: Re: Security Question
Previous by thread: Credential Manager
Next by thread: Re: Security Question
Index(es):
- Date
- Thread

Relevant Pages

Re: root has less menus
... Figuring nautilus was too much a part of my ... It works if you don't drag and drop files from one window to another ... Ubuntu doesn't show admin applications when the user is not an admin ... Your first solution is a good solution, ...
(Ubuntu)
HTA - Mutliple questions about using WScript.Shells Run Method and control.exe
... LUA environment (one normal account, one admin account used for admin ... the interface and they will execute with admin rights because the HTA ... Is there a command line to kick off the entire Control Panel window ...
(microsoft.public.scripting.vbscript)
Re: Accidetally changed me Admin password
... If you are currently logged on to the administrative account, ... type CTRL-ALT-DEL and a window should pop up. ... > Admin password and now I cant restart my computer as I ...
(microsoft.public.windowsxp.security_admin)
Re: database install
... rules allowed before are now out the window, and code that worked from Windows 3.1 on no longer works. ... in Vista even Administrative users can only get there by either running the program as Admin or by answering a prompt each time you escalate security rights to write to the registry. ... As software developers start changing their software to follow the rules then UAC will become less and less of an issue. ...
(microsoft.public.fox.programmer.exchange)
RE: Disable access to the database window
... Actually I have used the AllowBypassKey Property in another db project. ... in doing so you do open up a "window of opportunity". ... > The Special Access keys is global in a sense. ... > You could distribute a different mdb to the users that you do for an admin ...
(microsoft.public.access.modulesdaovba)