Windows security hole gives anyone access to computer without logging into User Account

13 Comments

  1. Wow, this shows how much Microsoft take this sort of stuff. Have you made a video and sent it in to Microsoft?

  2. Daniel: No, I was thinking of putting a video together, just in case others claim I faked it, and I may still put one together. What I did do after I was essentially blown off was send them the complete code I used for the application. I have been contacted since and it seems they are looking further into it, but I am still waiting on another response. Also, this is purely a physical flaw as it requires the user physical access to the computer.

    Ouezezmoaurh: Yes, using similar methods this can be done to access a computer, difference is, if a user never touches the button, one would never know it has been replaced, thus giving a user unlimited access whenever he/she has access to the computer!

  3. Although, with physical access to a PC, an expert could probably hack into your computer, this is making it very easy! An Ease of Access button replacer is available on DeviantArt. I suppose one can use it to replace it with a CMD. The logon screen, which is supposed to protect me if my computer falls physically into someone else's hands, itself is providing a hole. Wonderful!

  4. Unfortunately you have just discovered a mindset we in the computer security arena know all too well … Microsoft arrogance. They think “common” users are too stupid to discover security flaws, when in fact it was the hacker community which aided their security teams to secure NT from its inception. It was also this very same community which gave us the knowledge that NT could, in fact, become secure enough to run TS documents on – as long as it’s not connected to any other computer! Well, I suppose this little hack proves that Windows’ security is “rock solid” as long as it’s not booted!

  5. Law number 3 of computer security – http://technet.microsoft.com/en-us/library/cc722487.aspx If I have physical access to your PC I can do anything.

    Read this old story about a similar topic.
    http://netsecurity.about.com/cs/windowsxp/a/aa112103c.htm this is not new.
    The Microsoft person is absolutely right. If I have physical access to your PC I can boot with http://pogostick.net/~pnh/ntpasswd/ and reset the password.

    You have physical access to the PC, you are an admin. It’s not a security issue.

  6. Abbey: Yes, I know, I created the Ease Of Access Button Replacer.
    Jeff: I agree 100% and you see my point exactly as intended.
    Susan: This was never a matter of this is the only way in. This is merely giving users knowledge that a new problem exists and I did it in minutes, which also gives me the ability to do this without a user ever knowing I did it. The problem is you have missed the point completely. Yes this is a new issue, with Windows 7, not XP, yes there are ways of accessing computers using available tools, yes I can access your computer without resetting your password, alerting you in any way. This is my point. It is not an argument, it is merely stating the fact that yes this is a problem.

  7. It’s not a new issue. If I have physical access to a PC it is no longer a secure system. The underlying “insecurity” has not changed. Give me physical access to a Mac and I can own it as well.

  8. Susan: You’re turning this into a debate and an I Can Do This. Anyone with the knowledge can access a computer physically. You’re still missing the underlying point behind this article. Nowhere does it say it is the only way to access a computer. It is a new way (I found) and I am sharing it with everyone that I know (does not) know (this) issue exists. It should have never been as easy as it is to do what I did.

  9. You clearly have no idea what you are dealing with here. First off, a normal user cannot install this. You must be in an administrative context to do this, which leads to far worse conditions than replacing a file. And if you really want to address this, simply do the following within an elevated administrative cmd window:

    takeown /f %windir%\system32\Utilman.exe
    cacls %windir%\system32\Utilman.exe /C /D Everyone

    By applying this simple ACL, you prevent a bonehead from overwriting the file with your own rogue trojan. Which is what you think you have uncovered.

    Honestly, MS was right. The 10 immutable laws of security are there for a reason. If you truly don’t understand them, there is no hope. You can call this a security flaw all you want. However the weakest link in security is the human factor… thank you for showing us that yet again.

  10. Dana: ……………… Nothing really to say except yes, actually I have a lot of ideas about what I am dealing with. Assuming the command you are displaying is how this works, you have no idea what I am dealing with.

    Steve: The application that was originally written runs itself elevated without interaction from the user. Modified, which is what I have shown Microsoft, and what they are looking into, it can be done without needing to be logged on, much the same way other tools are used.

    The only difference I have tried to convey to users is not that this is some mind-blowing security issue but an issue nonetheless. As someone who values people’s safety/privacy with their computers, what I see different than other methods mentioned above (password changes……) is the fact that unless someone clicked the Ease Of Access button (which to be honest, most don’t) this could be used as long as the person wanted it to without the owner of the computer knowing, be it their children, family, friends.. whoever can get their hands on it trying to sneak about.

    The comments, claiming how smart you are that you can do this and can do that, that I don’t know anything about it………. w/e the case. This post was merely written to show users of a way that they do not know. No, it is not the only way, it is merely a way I came across while writing a simple application for customizers to use. Do I think it the worst, No, but an issue nonetheless. The case being, it shouldn’t be as easy to do as it is, plain and simple.
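
A defender-side check for the concern raised in the thread, that a replaced Ease of Access binary goes unnoticed until someone clicks the button. This PowerShell is an added example, not code from the post or from any commenter; the function name Test-UtilmanIntegrity and the assumed defaults (a valid Microsoft signature, owner NT SERVICE\TrustedInstaller as the only writer) are this example's own assumptions.

```powershell
# Added example: audit Utilman.exe for replacement or weakened permissions.
# Assumption: on a default install the file is Microsoft-signed and owned by
# NT SERVICE\TrustedInstaller, the only identity allowed to write to it.
function Test-UtilmanIntegrity {
    param([string]$Path = (Join-Path $env:windir 'System32\Utilman.exe'))

    $findings = @()
    if (-not (Test-Path -Path $Path)) {
        return @("Missing file: $Path")
    }

    # A replaced binary will normally not carry a valid Microsoft signature.
    # Older PowerShell versions may report catalog-signed system files as
    # NotSigned, so treat that status as "verify further" (for example with sfc).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $findings += "Unexpected publisher: $($sig.SignerCertificate.Subject)"
    }

    # takeown changes the owner, so a non-default owner shows the file was
    # handled (this also fires after the takeown command quoted in comment 9).
    $acl = Get-Acl -Path $Path
    $expectedOwner = 'NT SERVICE\TrustedInstaller'
    if ($acl.Owner -ne $expectedOwner) {
        $findings += "Owner is $($acl.Owner), expected $expectedOwner"
    }

    # Any Allow entry with write-type rights for another identity lets that
    # identity overwrite the file.
    $rights = [System.Security.AccessControl.FileSystemRights]
    $writeMask = $rights::WriteData -bor $rights::AppendData -bor
                 $rights::Delete -bor $rights::ChangePermissions -bor
                 $rights::TakeOwnership
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $rule.IdentityReference.Value -ne $expectedOwner -and
            ($rule.FileSystemRights -band $writeMask)) {
            $findings += "$($rule.IdentityReference) can modify the file: $($rule.FileSystemRights)"
        }
    }
    return $findings
}

$result = Test-UtilmanIntegrity
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Utilman.exe: signature, owner and ACL look default.' }
```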
