Every once in a while I am left scratching my head. Over the last few days a few blog postings have popped up on a subject and I am at a loss to understand why. I’m not the only one – several security industry colleagues have been in touch and have said they are just as puzzled.
The subject in question is that the Windows Vista installation medium and especially the Recovery Console of it is the biggest vulnerability of Vista. Why? Well because the Recovery Console on the installation medium does not require a password anymore and makes the whole disk accessible.
So I wanted to give my perspective, and that of a number of security industry colleagues both inside and outside of Microsoft:
So, I understand that this is scary for people not being too deep in security but as I said: I was pretty surprises that it was even taken up by security sites.
Well, isn't this obvious? This is known since a long time and a base of every defense in depth concept you are building.
If there are really security companies supporting statements around this, you probably shoudl think twice
Roger's Security Blog : Windows Vista Recovery Console and the Password: http://blogs.technet.com
Basic steps that all users should take notice off.
What OS are you having?
On xp you can try this:
Boot computer and press Ctrl+Alt+Delete twice when you See Windows welcome screen / login screen. It'll show classic login box. Now type "Administrator" (without quotes) in username field and leave password field blank, press Enter and you should be able to login Windows.
Now you can reset your account password from "Control Panel -> User Accounts".
On win 7 or vista:
Ctrl+Alt+Delete won't work, you have to use some windows password recovery software. I recommend Windows Password Recovery Tool 3.0 .