Anonymous Bob
Mark Russinovich has been busy again.
In his latest blog, he investigates privilege escalation and he found that
the WD service executable was installed in the Program Files folder with
default security settings. It's a good read.
"Another somewhat ironic example is Microsoft Windows Defender Beta 2, which
installs its service executable in \Program Files\Windows Defender with
default security settings. Replacing these service image files is a quick
path to administrator privilege and is even easier than replacing files in
the \Windows directory because WFP doesn't meddle with replacements."
http://www.sysinternals.com/blog/2006/05/power-in-power-users.html
I'd look for this to change real soon now. ;-)
Bob Vanderveen
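
A defensive check for the condition the quoted passage describes, as an added example that is not part of the original post or the linked blog: it lists service image files, and the folders holding them, whose ACLs grant write-type rights to principals outside a trusted set. The `$trusted` list (English principal names) and the helper name `Get-ServiceImagePath` are assumptions.

```powershell
# Added example. Assumptions: English principal names; adjust $trusted for your environment.
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a principal modify, replace, or re-permission a file or folder.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Hypothetical helper: extract the executable path from a service command line.
function Get-ServiceImagePath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }   # quoted path
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }   # unquoted path
    return $null
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $service = $_
    $image = Get-ServiceImagePath $service.PathName
    if (-not $image -or -not (Test-Path -LiteralPath $image)) { return }

    # Review the image file and the folder that holds it.
    foreach ($target in @($image, (Split-Path -Parent $image))) {
        $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band [int]$writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Service   = $service.Name
                RunsAs    = $service.StartName
                Target    = $target
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
```

Any row where `Principal` is a group such as `BUILTIN\Power Users` and `RunsAs` is a privileged account is the situation the quote describes. ACEs expressed as generic rights on folders are not decoded here.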