[E. Pluribus Unum]

If Microsoft had its way, you could be prosecuted for disseminating this.

[Free the USA]

Index Bump

[KayEyeDoubleDee]

circumcised BTTT

[Centurion2000]

Even worse is the case of Terminal Services (or Citrix). Imagine a company providing terminal service functionality to their clients, for whatever purpose. That company is NOT going to give their users any real privileges

Which is why any decent Citrix administrator (like myself) will use policies to TOTALLY lock down the system and use mandatory profiles to ensure that NO ONE gets access to the box without his say so.

When 20 other sysadmins and the security guy can't break out to a command prompt or anything like task manager and you have no FILE access on every single window you open; you're NOT going to gain access.

[TechJunkYard]

This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it.

Little wonder MS is so anti-Open Source, if this kind of analysis (and an exploit) can be put together without a single byte of source, based on a hint from a senior VP.

Repeat after me: Closed Source is no less secure than Open Source. Right. < /snort >

[TheEngineer]

I don't understand why a "system/root"-process such, as this anti-virus program, should be allowed to provide a GUI (with widgets such as edit-boxes, buttons, etc.) to a "guest" user. Isn't this the crux of the problem?

[discostu]

This isn't news. This is how automation testing software works. Everybody that should know already knows about hijacking the message loop. Don't think I've ever seen anybody use this for malicious code, and the message loop goes all the way back to the beginning, it's how Windows has always worked. Much ado about nothing.