Windows 7 vulnerability or good thing...

  1. #1
    kevin from Chi-town

    Windows 7 vulnerability or good thing...

    Researchers show how to take control of a PC w/Win 7 upon boot. Interesting article.

    Researchers show how to take control of Windows 7 - Network World

    However, I see this in a different way. Since the administrator has a finite number of rights and "system" is root, well then one could use this to have full control of your PC or, in other words, you could be root.

  2. #2
    whoosh

    You have to have actual access to the computer, so it cannot be done remotely. Guess that would narrow down the culprit situation.


  3. #3
    john3347

    Co-workers beware

    Is this vulnerability a situation in which a co-worker (working a different shift from you) could gain access to your computer and do some serious sabotage while you are not present? This could be a big problem!


  4. #4
    whoosh

    Yes, that would be a likely scenario. You would hope to trust your co-workers, but if you are dealing with sensitive data and enough money is offered, who can say?
    That is the worst case scenario.

    Good luck, hope that has helped you a little.

    Make sure you have a password that is not easy to crack. Don't leave your computer open to abuse.

    Quote: Originally posted by kevin from Chi-town
    Researchers show how to take control of a PC w/Win 7 upon boot. Interesting article.

    Researchers show how to take control of Windows 7 - Network World

    However, I see this in a different way. Since the administrator has a finite number of rights and "system" is root, well then one could use this to have full control of your PC or, in other words, you could be root.

    Always good stuff = you rock

  5. #5
    john3347

    I didn't peruse the article in detail and I may not fully understand the procedure described. I read it to say that this hack bypasses any passwords that are in place, making the intrusion not affected by passwords no matter how strong. Did I misread this point? If my understanding of the procedure is close to correct, a coworker could easily steal research material, etc., from another. The bonuses and promotions that could result from such activity are certainly enough motivation for many, many employees. Will it become necessary to encrypt sensitive material to a flash drive and take it home with you? BitLocker does come with Enterprise and Ultimate editions of W-7. Maybe this is a Microsoft ploy to move businesses all the way to the top (in cost) editions of the OS. I remember several years ago I "sneaked" into the company computer and got the salaries/wages of everyone that worked there. (Several people got a handsome raise as a result.) Might this vulnerability allow something like this to happen again in spite of the many times better security employed by businesses today? This hole seems to be a severe security issue to me, and not to be taken lightly in many environments.

    Also, as Kevin points out, would it not allow an individual client user to have full control of their machine in violation of network and company policy?

    "The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected. "
    The IDG News Service is a Network World affiliate.



    Yes, I thought I remembered reading something like this. This sounds to me like a VERY serious threat to the business community.


    I think the author of the subject article couldn't decide whether they wanted to say "can also remove" or "is also able to remove", or "can also be able to remove" and kinda jumbled things up on this first sentence here.

  6. #6
    whoosh

    You're right, they can override the password! Few traces left of the attack, so hard to detect.
    Any computer becomes an open book if running Windows 7! Think MS will need to do something fast or business take-up might be very limited!

  7. #7
    davehc

    I read through the article a couple of times to try and get the purpose - and failed. (I'm getting too old!!)
    If I had physical access to someone's computer I would, like many average users, find it easy to bypass the OS password and have access to any files therein. Did I misunderstand something?


  8. #8
    whoosh

    The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

    It does sound very bad indeed, a major flaw in the OS.

    Vbootkit 2.0: Attacking Windows 7 via Boot Sectors

    This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:

      • Windows 7 Boot architecture
      • Vbootkit 2.0 architecture and inner workings
      • insight into the Windows 7 minkernel

    We will also demonstrate:

      • The use of Vbootkit in gaining access to a system without leaving traces
      • Leveraging normal programs to escalate system privileges
      • Running unsigned code in kernel
      • Remote command & Control

    All this is done, without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.

    Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors
    Posted by Webmaster in Projects at 15:49

    I am a home user so feel fairly secure this way. Is that a false sense of security?
    For the business community things look very insecure running Windows 7. Am I being an alarmist?
    What are your thoughts on this?

  9. #9
    davehc

    Still not with it!
    There seems to be a contradiction in the article?

    "While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely. "

    and then:

    "The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 ..... "

    But, in any case, why single out poor old Windows 7? It looks to me as if it would work on any OS as it loads with the root.

  10. #10
    whoosh

    Must admit when I first posted this it was without much thought. Just an article of some interest. Now having perused it more closely, it looks extremely serious. A major flaw in the OS. As you have said, it may work on other Windows, not just 7; not sure about that. I have a busy day but will certainly look into it more closely as time allows.
    VBootkit 2.0 could be modified to make a PXE (Pre-Boot Execution Environment) boot virus, or a normal boot virus. As a result, NVLabs plans to keep the VBootkit 2.0 code under wraps. "We don't have any plans to make it open source, due to chances of misuse," he said.

    Only the high end Win7 OS will have inbuilt encryption. How many folks will bother to ensure their puters are secure b4 nipping out for a sandwich etc.?
    Only got to watch the news to know how lax security can be even at the highest levels of government.

    That will leave most Windows 7 users without a safety net because they won't have the encryption.
    Then again, is this a fuss about nothing? Must admit to being confused about this whole issue.