Windows Defender security flaw

Anonymous Bob

Mark Russinovich has been busy again. :)

In his latest blog, he investigates privilege escalation and found that
the WD service executable was installed in the Program Files folder with
default security settings. It's a good read.

"Another somewhat ironic example is Microsoft Windows Defender Beta 2, which
installs its service executable in \Program Files\Windows Defender with
default security settings. Replacing these service image files is a quick
path to administrator privilege and is even easier than replacing files in
the \Windows directory because WFP doesn't meddle with replacements."

http://www.sysinternals.com/blog/2006/05/power-in-power-users.html

I'd look for this to change real soon now. ;-)

Bob Vanderveen
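
The weakness Mark describes is a service image file whose ACL lets a non-administrative group write to it. The following audit script is an added example, not code from the thread or from Sysinternals; it assumes Windows PowerShell 5.1 or later on Windows and enumerates every installed service, resolves its image path (quoted or unquoted, with or without arguments), and reports any binary on which a low-privilege principal such as Users or Power Users holds write, modify or full-control rights.

```powershell
# Added example (not from the original thread): audit Windows services whose
# image file grants write-class rights to non-administrative principals.
# Assumes Windows PowerShell 5.1+ on Windows; no extra modules required.

# Principals that should never hold write rights on a service binary.
$WeakPrincipals = @(
    'BUILTIN\Users', 'BUILTIN\Power Users', 'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE', 'Everyone'
)

# Any of these bits on an Allow ACE lets the principal alter the file.
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::FullControl)

function Get-ServiceImagePath {
    param([string]$PathName)
    # ImagePath may be quoted, unquoted, and may carry arguments after the .exe.
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^(\S+\.exe)') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

function Find-WritableServiceBinaries {
    Get-CimInstance Win32_Service | ForEach-Object {
        $svc  = $_
        $path = Get-ServiceImagePath $svc.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($WeakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Cast to [int]: inherited generic-rights values are not all named enum members.
            if (([int]$ace.FileSystemRights -band $WriteRights) -eq 0) { continue }
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName      # the account the replaced binary would run as
                Path      = $path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

Find-WritableServiceBinaries | Format-Table -AutoSize
```

Any row returned is a service whose binary a member of that group can modify; fixing it means correcting the file ACL (and that of its parent directory, since delete-and-recreate is as good as write) so only Administrators, SYSTEM and TrustedInstaller can change it.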
 
Bill Sanderson MVP

Thanks. It'd be interesting to understand the extra protections available
in Vista, and whether the same "flaw" is present there. I suspect it isn't
and that this is one side-effect, perhaps, of learning how to safely
back-port code designed for Vista to the older OS versions. (but then
again, I can't be called a programmer anymore, so I could be way off base!)
 
