MSAS vulnerable to tampering

R

Ross Brown

Apart from the crude malware now making the rounds that
disables Microsoft AntiSpyware and replaces it with a
password collector, there are more subtle ways to subvert
it.

I have created and archived an exploit that takes
advantage of the lack of any file and service security in
the MSAS installation logic. The archive includes
software and documentation.

I'd like someone from the Microsoft development team to
contact me so that I can pass this along for their review
before they proceed to release.

Ross Brown
<mailto:[email protected]>
Kanata, ON, Canada
 
S

Steve Dodson [MSFT]

I will also send e-mail.

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Black ops: how HBGary wrote backdoors for the government (Part 1) 0
Worms 6
Microsoft Human Rights Policy Up For Vote Shareholders Meeting 1
Dave Pogue Reviews Vista in the NYT "Vista Wins on Looks. As for lacks..." 29
Revealing The Power of DirectX 11 1
BearWare Comprehensive Security Plan 0
Anandtech: Jasper Is Here: A Look at the New Xbox 360 0
History of Xbox 360 defects - Dean Takahashi has the inside story(long) 2

Top