RECOMMENDED: Click here to fix Windows errors and optimize system performance
Users receive new Windows 7 security advisories every week reminding them of Internet attacks, downloaded malware and many other attacks users use to access a computer. What is rarely mentioned and no less important are the physical attacks to which a user is exposed when someone tries to attack his computer.
Take for example – you have a computer at work and one at home and sometimes you need to take your work home and have very important files stored on your computer at home, or you just don’t want someone to access your computer. The average user has a defense line to prevent people from connecting to your computer and doing what they want with your files. Advanced users know other methods such as setting a password via BIOS, but most users have no idea that you can do this.
Two weeks ago, I wrote a program that allows a user to replace the Ease Of Access button on the login screen. This has been designed as a way to give users more flexibility, as some users do not use the Ease Of Access button. (16)
In compiling this application, I came across something by chance. A small change in the code on my application, and not only could a user replace the Ease Of Access button, but the user could use it as a way to access someone’s computer from the login screen. All you had to do was replace the Ease Of Access button with a special native Windows tool!
This would possibly allow a user to bypass all user passwords and allow the user to connect a flash drive … ; and remove everything he wanted from the computer. This would not only allow the user to delete files, but also to delete, modify or move any file on the computer, essentially destroying the operating system, which would require reinstallation.
Below you will find screenshots of my modified application at work:
User account test, password protected
My USB stick inserted. Indicates that there are no files on the drive
When I browse the test account, three files I created for testing are selected and copied.
Copy to USB stick.
Connection, with files I copied on thumb drive
I have been in contact with Microsoft through several emails explaining the problem, I have also provided Microsoft with all the details and code I use, and so far the response has not been very positive, as the employee I spoke to does not seem to think it is a problem. I am still waiting for their next response to see what steps Microsoft can take to solve this problem and I hope they will take the problem seriously.
This is the response of Microsoft representatives:
There are some behaviours that make this a problem that we would not consider a vulnerability based on my understanding of your report.
- To run an executable other than Admin, the file to be modified must be modified by an Admin. The modified utility can then also represent the Default user when logging in, but the change must be made by an administrator user.
- Physical access to the system is necessary to perform this behaviour. There are many malicious things a user can do with physical access to a system, and although we publish best practices for the physical security of computer resources, we cannot protect ourselves from physical access in its entirety.
The following link was provided by Microsoft, indicating that the problem was
#3 and (1)#6 on this list : 10 Invariant laws of security
What the Microsoft representative did not understand is that a user did not need to be an administrator to run the code. It can be used by anyone with sufficient knowledge
My point to Microsoft is simple. Replacing the Ease Of Access button shouldn’t be that easy. Better measures should have been taken to ensure that something so important cannot be changed because it is a central element of the login screen. If they cannot guarantee it, there should be an option not to display this button.
If others think this is a serious problem, please contact security (at) microsoft (dot) com and express your concerns.
RECOMMENDED: Click here to troubleshoot Windows errors and optimize system performance