Hot Potato. A Windows Exploit

If it doesn't fit anywhere else, drop it in here. (not to be used as a chat/nonsense section)

Moderator: Moderator Team

Post Reply
User avatar
jonaspm
Posts: 585
Joined: Mon Nov 21, 2011 1:10 am
Location: Mexico
Contact:

Hot Potato. A Windows Exploit

Post by jonaspm »

User avatar
Konata
Posts: 391
Joined: Sun Apr 20, 2014 8:54 pm

Re: Hot Potato. A Windows Exploit

Post by Konata »

I think this is a UAC issue. ReactOS targets Server 2003 which already lets you run as Session 0 by default and thus everything you're running already has complete and total control over the entire machine.

And even then, this seems really technical. If you're already running malicious code on your machine, it doesn't really matter what methods it uses to break the machine, it's already in there. Windows has several "security vulnerabilities" which are really redundant because malware can directly do what those vulnerabilities would allow it to do in a very convoluted way. There's a "vulnerability" where you can do some funky stuff with windows to trap the mouse cursor in a very convoluted way, or you could just, you know, control the mouse directly.
middings
Posts: 1073
Joined: Tue May 07, 2013 9:18 pm
Location: California, USA

Re: Hot Potato. A Windows Exploit

Post by middings »

Microsoft Security Bulletin MS00-047 discusses a similar problem.
Look for the heading that begins with "What's wrong".
erkinalp
Posts: 861
Joined: Sat Dec 20, 2008 5:55 pm
Location: Izmir, TR

Re: Hot Potato. A Windows Exploit

Post by erkinalp »

everything you're running already has complete and total control over the entire machine
Not exactly everything. Designated Guest account never gets session 0 and you can use it safely. Albeit most programs for Windows XP will fail on a non-Administrator account, unfortunately. Standard accounts may get session 0.
-uses Ubuntu+GNOME 3 GNU/Linux
-likes Free (as in freedom) and Open Source Detergents
-favors open source of Windows 10 under GPL2
Post Reply

Who is online

Users browsing this forum: No registered users and 18 guests