TechSpot

Exploit allows command prompt to launch at Windows 7 login screen

By Shawn Knight
May 29, 2012
Post New Reply
  1. An unpatched exploit in Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview allows a user to launch an elevated command prompt by manipulating the sticky keys function....

    Read the whole story
     
  2. Indeed very dangerous exploit.
     
  3. mevans336

    mevans336 TS Enthusiast Posts: 163   +11

    If you're in a corporate environment, just disable sticky keys via GPO.
     
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 1,337   +103

    If you are a normal user, just lock the screen when you leave your computer on.
     
  5. psycros

    psycros TS Booster Posts: 734   +230

    Hmmm...this might explain some things a friend of mine has been seeing at work. The sad part is that if Microsoft overlooked such a fundamental exploit as this, there's probably several more exactly like it.
     
  6. R3DP3NGUIN

    R3DP3NGUIN TS Enthusiast Posts: 154

    wow I cant believe this is still working!!, I never did the registry side, but just renaming the cmd.exe from system32 to the sethc.exe always worked for me. It would of been atleast 18 months ago since I originally read about it.
     
  7. Adhmuz

    Adhmuz TechSpot Paladin Posts: 930   +106

    As long as it requires direct access to enable the hack its not going to be a severe threat. The same can be said about anyone having unauthorized access to any computer, it only takes seconds to upload something malicious and far worse than a simple exploit such as this one.
     
  8. 3DCGMODELER

    3DCGMODELER TS Enthusiast Posts: 307   +18

  9. Microsoft refuses to do something about this, it has been possible all the way back to windows xp and probably even before that.
     
  10. m4a4

    m4a4 TS Addict Posts: 537   +149

    If it is an exploit that requires you to be logged in, then it isn't as serious a threat as it is made out to be... if the first step could be done at the log in screen, then that would be serious.........
     
  11. mevans336

    mevans336 TS Enthusiast Posts: 163   +11

    Agreed. If the attacker has physical access to the machine, he can already do far worse.

    What also limits the effectiveness of this, is it is the local SYSTEM account. So they can blow away the local workstation, but they still have no credentials to access any network resources. They'll need another exploit or will need to perform a bit of social engineering to break out from the local workstation.
     
     
  12. "To install, a user simply needs to first gain access to an elevated command prompt "

    There's the rub.

    Rule #1: Physical Access is complete access.
    Rule #2: Windows Key+L
    Rule #3: Full disk encryption
     
  13. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,105   +18

    If a company does not do a very thorough check of its IT systems after an unpleasant separation with an IT employee, they're probably going have a lot of problems regardless.

    But as people said, once you have physical access to the command prompt, you already have the potential to do far worse. The only difference here is that its relatively simple and hard to detect.
     
  14. This is a VERY OLD hack. I saw it first before 2 years on a greek magazine. But it was greek. At least now it is known in USA so propably MS got it :p
     
  15. Opus

    Opus TS Rookie Posts: 42

    Well, it's just one registry key entry while there are other tweaks that can be performed on a system with full access. But the question is, who would let you have elevated command prompt and regedit.exe in corporate environment. Being a system admin myself I know that all this kind of activity is blocked on networks.
    .

    Nothing is guaranteed if someone with malicious intent has the physical access to any system including _nix, Windows or Mac. That's why employees work in good faith at workplace (regardless of auditing and logging of systems). Only one live USB, CD or DVD (e.g. Ubuntu etc) is required to break any kind of security and to access file system. In my point of view, it is just a trick and nothing serious, that is why MS hasn't patched it yet.
     
  16. Rick

    Rick TechSpot Staff Posts: 6,305   +52 Staff Member

    Yep, that is the solution.

    Funnily enough, this has been a long-standing issue with Windows. Maybe now that it has gotten some press, MS will patch this behavior. I suspect it is intentional since it deals with accessibility, but there must be a better way...
     
  17. I think that techspot staff come up with over the top subjects for the articles to draw traffic to their website. This article clearly falls under that category.
    From the article, "a user simply needs to first gain access to an elevated command prompt". Telling us that bad things can happen once a user gains access to an elevated command prompt isn't telling us anything we don't already know.
    If the article were telling that it was possible to gain access to an elevated command prompt through a series of actions on any PC running Windows 7, that would be newsworthy.
    High-five goes out to all the staff at Techspot for luring me to their websit to read this dribble.
     
  18. Tygerstrike

    Tygerstrike TS Enthusiast Posts: 827   +93

    Its good solid information for those that arent as PC savvy as some of the other TS users. It may be old news to some, but its information that can be used to help others.
     
  19. Oh my god. I feel so exploited.
     
  20. "To install, a user simply needs to first gain access to an elevated command prompt..."

    one can do anything after gaining an elevated command prompt...

    so, this is not an exploit aat all...
     
  21. Lionvibez

    Lionvibez TS Enthusiast Posts: 600   +89

    comments = win!
     
  22. Breaking news!

    A user can bypass security and install viruses and malware.. if they have administration previeledges.

    This post is a joke and I thought after all the slack that neowin got for posting it other 'tech' websites would stay clear.
     
  23. The fundamental problem with windows: Users running with root privileges... and people are surprised that this is possible and start whining. Anything is possible if the user has full privileges over the system - incredibly that includes changes to the registry hive...
     
  24. NTAPRO

    NTAPRO TS Enthusiast Posts: 811   +91

    Orly
     
  25. It is not an unpatched exploit; it is an official feature of Windows.


    A user who with elevated access is already omnipotent; he doesn't need another exploit.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.