Hot Keys permissions bypass under XP

Many thanks must go to New Order for the heads up on this vunerability.

A flaw in XP"s hot keys could allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.

    Product: XP Home Edition (and others?)

    Vulnerability Briefing: "Hot keys" allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.

Hot keys are specially created buttons (or key combinations) to launch particular programs such as an Internet browser or word processor. Many newer keyboards have them featured, and some laptops as well.

When XP is initially booted, all hot keys are disabled until actual authentication of the administrator or first account. Once logged in, hot keys are then enabled for use, usually by the initialization of a program in the backround which assigns these hot keys.

In some cases, such as a time of idle, XP will put itself back to the login screen for security purposes. This will require users to re-authenticate to get back to their current session, whether password protected or not.

News source: Root Core

Report a problem with article
Next Article

FBI expands hunt on warez scene

Previous Article

PC RPG Game of the Year: Dark Age of Camelot