Monthly Archives: March 2013

Owning Windows 7 – From Recovery to “nt authority\system” – Physical Access Required

Just wanted to share with you the below, which I have already communicated with Microsoft – according to MSRC team “An attacker with unrestricted physical access can certainly manipulate a system in multiple ways. This is not something we consider a security vulnerability.” thus no CVE “Computer owners should provide for physical security of systems as part of best practices. There is more discussion of physical access in the “10 Immutable Laws of Security” (http://technet.microsoft.com/en-us/library/hh278941.aspx) under Law #3″.

The scenario is as follows:

  1. Windows 7 SP1, and
  2. Workstation with BIOS settings to restrict boot up from CD, and
  3. Workstation joined in Windows Active Directory or Standalone

By forcing the machine to boot or shutdown abnormally (eg pressing the ctl+alt+del during bootup or press the power button (kill) during shutdown) Windows will enter the “Windows Error Recovery” menu asking us whether we wish to “Launch startup Repair (recommended)” or “Start Windows Normally”

Continue reading

Facebooktwitterredditpinterestlinkedinmailby feather