McAfee Alerts Windows about Accessibility Hole in Vista
A Windows accessibility feature called StickyKeys, designed to make computing easier for people with physical disabilities, could be exploited in Vista, according to a McAfee researcher.
Scammers might use StickyKeys to dupe users into launching unauthorized software on their Vista machines, wrote Vinoo Thomas of McAfee in a blog post.
StickyKeys is designed for people who find it difficult to hold down more than one key at the same time, as a shortcut such as CTRL+V requires. With StickyKeys the user can press the keys one at a time instead of simultaneously.
StickyKeys is activated when the user presses Shift or a modifier key five times in a row, and a beep sounds. The modifier key then becomes sticky, so the user can enter commands such as Shift-F1 without holding Shift down together with the other key.
Windows Vista apparently does not check the integrity of the file that launches StickyKeys, "c:/windows/system32/sethc.exe", before executing it. This means the file could be replaced with any other executable, which is then run simply by pressing the Shift key five times. A popular substitute is "cmd.exe". After the replacement, the command prompt can be invoked at the login prompt without authenticating.
Once it is launched, the user can run explorer.exe, again without authenticating, and get a full desktop running under the credentials of the NT Authority\system account. From this point a scammer has complete access to the compromised system.
This back door vulnerability also existed in Windows XP and Windows 2000, Thomas disclosed.
While it is interesting to know that Vista is also affected, it is still not clear how useful the back door would be to a hacker, since one must first gain access to the machine in order to replace the StickyKeys file.
Another startling aspect of this back door is that a scammer may use the method to bypass login on terminal servers and workstations with remote desktop enabled. Because Microsoft's own files are used instead of any third-party tools, detection by a typical administrator won't be easy, Thomas said in his blog.
He further wrote that one might uninstall the Accessibility Tools feature, which is installed by default. Doing so would help avoid this simple yet potentially threatening built-in back door.
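A defender can check for the replacement described above by hashing sethc.exe and comparing it with the other programs in the same directory and with a hash recorded from a known-good installation. The following is an added example, not code from McAfee or the original article; the function names, the baseline parameter and the constructed test directory are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_sethc(system32, baseline_sha256=None):
    """Return a list of findings for sethc.exe under the given directory."""
    system32 = Path(system32)
    target = system32 / "sethc.exe"
    if not target.is_file():
        return ["sethc.exe is missing"]
    findings = []
    target_hash = sha256_of(target)
    # A copy of cmd.exe (or any other program in the same directory) placed
    # over sethc.exe has the same content hash as its source file.
    for other in sorted(system32.glob("*.exe")):
        if other.name.lower() != "sethc.exe" and sha256_of(other) == target_hash:
            findings.append(f"sethc.exe is a byte-for-byte copy of {other.name}")
    # A substitute that is not a copy of a neighbouring file only shows up
    # against a hash recorded earlier from a known-good installation.
    if baseline_sha256 and target_hash != baseline_sha256.lower():
        findings.append("sethc.exe differs from the recorded baseline hash")
    return findings


def demo():
    """Run the audit on a constructed directory standing in for System32."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
        (root / "explorer.exe").write_bytes(b"constructed explorer.exe bytes")
        (root / "sethc.exe").write_bytes(b"constructed sethc.exe bytes")
        good = sha256_of(root / "sethc.exe")
        clean = audit_sethc(root, good)
        # Constructed "after" state: sethc.exe now holds the bytes of cmd.exe.
        (root / "sethc.exe").write_bytes((root / "cmd.exe").read_bytes())
        return clean, audit_sethc(root, good)


if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the System32 directory and a baseline hash taken from the same Windows build and patch level, since a legitimate update also changes the file.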
» SPAMfighter News - 23-03-2007