Windows recovery loophole lets hackers in

Wes Miller

This is NOT new, nor is it news.

<This is not news>

This same "exploit" has existed for years.

Windows Vista's setup is based upon Windows PE. Windows PE has always run as System, and presented a command prompt as its primary user interface.

This same "exploit" can be done easily with any copy of Windows PE, with a side-by-side installation of Windows, or a Linux boot CD with NTFS capability. Note that what the original author suggests (insofar as any authentication done within Windows PE) would be a courtesy here, and since Linux boot CDs wouldn't bother to do the same, would be a bizarre "courtesy", much as the inane and much-hated administrator login requirement for the Recovery Console (in earlier versions of Windows) was (consult documentation for Windows 2000, XP, or Server 2003 if you aren't familiar with it).

For more info, see Law #3 here: http://microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

As I've said in numerous articles and speeches, the way to secure systems against any type of attack like this is physical security and/or full-volume encryption.

