Microsoft does it again

David Kramer david at thekramers.net
Tue Aug 6 14:58:58 EDT 2002


On Tue, 6 Aug 2002, Derek D. Martin wrote:

> If you're relying on Windows privileges to secure your network, you're
> basically screwed.  A whitepater was released today detailing how to
> gain localsystem privileges on any Win32-based platform.  And the
> kicker is, because it takes advantage of a fundamental flaw in the
> design of Windows, it's basically unpatchable, requiring a complete
> overhaul of the Windows messaging system to fix.
> 
> And the best part is, if you're providing terminal services via a
> Citrix server, anyone can own your server, and you'll never be able to
> stop them...
> 
>   http://security.tombom.co.uk/shatter.html
> 

I read this in detail, and I hate to admit that I agree with Microsoft.   
Once bad people are sitting logged onto your machine, you should already 
considered it compromised, regardless of what techniques the bad person 
has at their disposal.

----------------------------------------------------------------------------
DDDD   David Kramer         david at thekramers.net       http://thekramers.net
DK KD  Some people have told me they don't think a fat penguin really 
DKK D  embodies the grace of Linux, which just tells me they have never seen 
DK KD  an angry penguin charging at them in excess of 100mph. They'd be a 
DDDD   lot more careful about what they say if they had.      Linus Torvalds




More information about the Discuss mailing list