Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

How to Hack Windows Vista

How to Hack Windows Vista

  • Comments 9
  • Likes

No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html. I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security, which contains Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. The hack shown above needs physical access….

But if you want to protect Windows Vista from these kind of physical attacks, why do you not just switch on Bitlocker (and here on Technet)? If you switch it on, these problems are gone and this attack would fail – and it is part of the OS, no additional fees, nothing…

Roger

Comments
  • PingBack from http://www.ditii.com/2008/05/27/hacking-windows-vista/

  • This vector isn't new to Vista.

    As bitlocker isn't a standard feature it's not a universal fix for Vista either, only shipping on two of the Vista SKUs - Enterprise and Ultimate which represent a small proportion of the systems shipping with Vista.

  • Surely this could be easily fixed by forcing Vista to check that the Utilman.exe file hasn't been tampered with? I still agree with you on Law #3, but it seems like this particular hack could be prevented.

  • True, but this would prevent this single attack only. At the end of the day we need a way to completely protect software from being tampered, which would mean, having the trusted stack

    Roger

  • I agree with you, Roger, but I think that any executable that can be launched prior to logging in could be checked to see if it has been tampered with. This would include utilman.exe as well as any other process that can launched under the system account before I've logged in.

  • Valid point. This would add trust to the stack

    Roger

  • that is a valid point i also agree with roger but also think that stuart is correct

  • This is also known to happen with the sticky keys program (sethc.exe); what blows my mind is: why o why do you allow this actions to take place *without* anyone logged on to the console of the OS?

    Of course I agree that having physical access to the system nearly gives you access to it, but why facilitate it? Why are these programs allowed to execute without logging in? That is just sloppy from MS, especially if one knows that this 'feature' has been present in all windows systems at least since windows 2000.

  • thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment