
Unpatched Windows Exploit Allows Command Prompt to Launch at Login Screen

By Michael Low & Wong Chung Wee - on 30 May 2012, 1:17pm

An unpatched exploit that affects Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview allows a user to launch a command prompt window with administrative rights by manipulating the sticky keys function. This hack is straightforward to implement as it can be executed in a matter of minutes.

(Image Source: carnal0wnage)

According to Neowin, this security hole has been documented for some time and a patch has not yet been released. Granted, the user of this exploit needs to have administrative rights to the machine that he wishes to compromise; however, a dangerous scenario could involve disgruntled ex-employees activating this exploit on multiple systems running the affected platforms, and then returning after they have been terminated to compromise these machines for their devious deeds.

This hack can also be exploited via Remote Desktop Services, so in order to prevent it, Remote Desktop Services have to be turned off on the affected systems. Ex-employees should be prevented from entering premises to gain access to these machines as well. This exploit is hard to detect, aside from a registry key entry.
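An audit for the registry entry mentioned above, added here as an example and not taken from the original article or its sources. It assumes the entry is a `Debugger` value under the Windows Image File Execution Options (IFEO) key for `sethc.exe`, the Sticky Keys program, and it goes one step further by listing every IFEO `Debugger` value so that unexpected ones can be reviewed too. The function name is hypothetical.

```powershell
# Added example (not from the article): report Debugger values registered under
# Image File Execution Options and flag one set for Sticky Keys.
# Assumption: the "registry key entry" is an IFEO Debugger value for sethc.exe.
$ifeo       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$stickyKeys = 'sethc.exe'

function Get-IfeoDebuggerEntry {
    param([string]$Root = $ifeo)

    # Each subkey is named after an executable image.
    foreach ($key in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -eq $debugger) { continue }    # no Debugger value: nothing to report

        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Image      = $key.PSChildName
            Debugger   = $debugger
            StickyKeys = ($key.PSChildName -ieq $stickyKeys)
        }
    }
}

$findings = @(Get-IfeoDebuggerEntry)

if ($findings.Count -eq 0) {
    Write-Output 'No IFEO Debugger values found.'
    exit 0
}

# Show everything for review; developers sometimes set Debugger values on purpose.
$findings | Sort-Object Image | Format-Table -AutoSize

# A Debugger value on the Sticky Keys image has no routine administrative use,
# so return a failing exit code that a scheduled job or monitoring agent can act on.
if ($findings | Where-Object { $_.StickyKeys }) {
    Write-Warning "Debugger value present for $stickyKeys. Investigate this host."
    exit 1
}
exit 0
```

Run it from an elevated prompt on each affected system, or through existing remote management tooling, and treat a non-zero exit code as a finding.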

(Source: carnal0wnage via Neowin)