MSAS vulnerable to tampering

  • Thread starter Thread starter Ross Brown
  • Start date Start date
R

Ross Brown

Apart from the crude malware now making the rounds that
disables Microsoft AntiSpyware and replaces it with a
password collector, there are more subtle ways to subvert
it.

I have created and archived an exploit that takes
advantage of the lack of any file and service security in
the MSAS installation logic. The archive includes
software and documentation.

I'd like someone from the Microsoft development team to
contact me so that I can pass this along for their review
before they proceed to release.

Ross Brown
<mailto:[email protected]>
Kanata, ON, Canada
 
I will also send e-mail.

-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
--------------------
 
Back
Top