Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Windows Vista Power Management & Local Security Policy

from [Abe Getchell] Network Security [Permanent Link]
Subject: RE: Windows Vista Power Management & Local Security Policy
Date: Tue, 22 Jul 2008 18:37:07 -0400 
Correct. Power management in Windows Vista is apparently given a pass to
bypass local security policy, which is a bad thing, and sets a bad
precedence. I will leave it to others to exploit this security issue, given
that I know little about the programmatic aspect of power management in
Windows. There are people out there much more capable than me who, if they
feel it warranted, can research the issue further. I don't consider it, as
Jim Harrison would say, "wasting your time chasing things that 'might lead
to cats & dogs living together in sin'", but rather "security research" and
"sharing information". I don't consider Jim's reaction surprising at all,
though, as he works for Microsoft.

--
Abe Getchell
me@abegetchell.com
https://abegetchell.com/


-----Original Message-----
From: James C. Slora Jr. [mailto:james.slora@phra.com]
Sent: Tuesday, July 22, 2008 11:15 AM
To: bugtraq@securityfocus.com
Subject: RE: Windows Vista Power Management & Local Security Policy

So is this the bottom line?

This is a security mechanism bug that might lead to privilege
escalation
for arbitrary user processes. The OP has left it for others to
determine
exploitability.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AST-2008-011: Traffic amplification in IAX2 firmware provisioning system, Asterisk Security Team
Next by Date:  AST-2008-010: Asterisk IAX 'POKE' resource exhaustion, Asterisk Security Team
Previous by Thread:  RE: Windows Vista Power Management & Local Security Policy, Jim Harrison
Next by Thread:  RE: Windows Vista Power Management & Local Security Policy, Greg
Indexes:  [Date] [Thread] [Top] [All Lists]