Network Security Focus-Microsoft

Re: Account Control: Running Windows Vista with Least Privilege

Subject: Re: Account Control: Running Windows Vista with Least Privilege
Date: Sun, 06 Aug 2006 00:34:08 +0200
Susan,

thank you for your reply.

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Aaron Margosis says:

"Actually, not true. Services can no longer interact with the
desktop. Services that did always interacted with Session 0 (the
console session, in Windows pre-Vista), and were already broken with
XP's Fast User Switching and other terminal services scenarios, where
user sessions were frequently not session 0. On Vista, NO
interactive user session will be in session 0, so all those services
insisting on displaying UI will not do so on a desktop where a user
is running applications.

This is a valuable clarification.

Also, runas.exe etc do not result in elevated tokens - you can run
stuff under a different account, but it doesn't get a full-privileged
token."

However, I still can't get behind this one - if you run an application
under a different account, even if you don't get a full-privileged
token, you might potentially be able to execute anything on behalf of
this account through shattering from another window on the same desktop due to the very lack of UIPI for runas-run applications.


Denis
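
The session separation discussed in this message can be checked on a live system. The PowerShell below is an added example, not part of the original message: it lists services configured to interact with the desktop and compares the session their process runs in with the session of the caller. It uses the standard `Win32_Service` and `Win32_Process` CIM classes and assumes PowerShell 3.0 or later; the function name `Get-InteractiveServiceSession` is hypothetical.

```powershell
# Added example: audit services flagged "Allow service to interact with desktop"
# and show which session their process runs in, next to the caller's session.
function Get-InteractiveServiceSession {   # hypothetical name
    # Session of the shell running this audit
    $mySession = (Get-Process -Id $PID).SessionId

    # Map process id -> session id for every running process
    $sessionByPid = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $sessionByPid[[uint32]$_.ProcessId] = $_.SessionId
    }

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DesktopInteract } |
        ForEach-Object {
            # ProcessId is 0 when the service is not running
            $running    = $_.ProcessId -ne 0
            $svcSession = if ($running) { $sessionByPid[[uint32]$_.ProcessId] } else { $null }
            [pscustomobject]@{
                Service        = $_.Name
                Account        = $_.StartName
                State          = $_.State
                ServiceSession = $svcSession
                CallerSession  = $mySession
                # True only if the service process shares a session with the caller
                SharesSession  = $running -and ($svcSession -eq $mySession)
            }
        }
}

Get-InteractiveServiceSession | Format-Table -AutoSize
```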
