McAfee says Vista's StickyKeys could be misused

A Windows feature designed to simplify computing for disabled users could be misused in Vista, a McAfee researcher reported Monday. Attackers could use this feature, called StickyKeys, to trick a user into launching unauthorized software on the Vista machine, according to Vinoo Thomas, a McAfee researcher who blogged about the issue on Monday. StickyKeys is launched when a Windows user hits a modifier key like Shift or Alt five times. This makes the modifier key "sticky" so commands like Shift-F1 can be launched without having to hit two keys simultaneously.

An attacker could replace the sethc.exe file used to launch StickyKeys with some other executable, like the Windows command utility, Thomas wrote. This backdoor vulnerability was already known to exist in Windows 2000 and Windows XP, according to Thomas. Although it is interesting that Vista is also vulnerable, it's not clear how useful the backdoor would be to an attacker because one must first gain access to the machine in order to replace the StickyKeys file. Thomas believes that it could be used by an inside attacker to bypass log-in on terminal servers and workstations. Microsoft executives were not immediately available to comment on the issue.

News source: InfoWorld
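
A defender's check for the file swap the article describes, as an added example (not code from McAfee, InfoWorld or the commenters): it flags sethc.exe or osk.exe when either is byte-identical to cmd.exe or to the other. The cmd.exe file name, the function names and the sample directory are assumptions made for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

ACCESSIBILITY = ("sethc.exe", "osk.exe")  # the two files named on this page
SUBSTITUTES = ("cmd.exe",)  # assumption: file name of the "command utility"

def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped_binaries(system_dir, substitutes=SUBSTITUTES):
    """Return (file, reason) findings for the accessibility binaries."""
    system_dir = Path(system_dir)
    known = {sha256_of(system_dir / n): n
             for n in substitutes if (system_dir / n).is_file()}
    findings, seen = [], {}
    for name in ACCESSIBILITY:
        target = system_dir / name
        if not target.is_file():
            findings.append((name, "missing"))
            continue
        digest = sha256_of(target)
        if digest in known:
            findings.append((name, "identical to " + known[digest]))
        elif digest in seen:
            # Two different tools should never share one file body.
            findings.append((name, "identical to " + seen[digest]))
        seen.setdefault(digest, name)
    return findings

def demo():
    """Constructed sample directory in which sethc.exe is a copy of cmd.exe."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed cmd body")
        (root / "sethc.exe").write_bytes(b"constructed cmd body")
        (root / "osk.exe").write_bytes(b"constructed osk body")
        return find_swapped_binaries(root)

if __name__ == "__main__":
    # Scan the directory given as the first argument, else the constructed demo.
    results = find_swapped_binaries(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, reason in results:
        print(f"{name}: {reason}")
```

Hash equality only catches straight copies; a replacement that is not a copy of a listed file needs a comparison against known-good hashes or a signature check.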

28 Comments

A question for neowin, do I have to be a big firm like McAfee, to get useless news posted on the main page, or can news provided by myself come on the main page, if I like write this in my blog?


Mr_Mo says Vista's On Screen Keyboard could be misused

A Windows feature designed to simplify computing for disabled users could be misused in Vista, Mr_Mo reported Tuesday. Attackers could use this feature, called On Screen Keyboard, to trick a user into launching unauthorized software on the Vista machine, according to Mr_Mo, a Mr_Mo researcher who blogged about the issue on Tuesday. On Screen Keyboard can be launched when a Windows user enters the ease of access panel on the logon screen. This provides the user with an on screen keyboard.

An attacker could replace the osk.exe file used to launch On Screen Keyboard with some other executable, like the Windows command utility, Mr_Mo wrote. This backdoor vulnerability was already known to exist in Windows 2000 and Windows XP, according to Mr_Mo. Although it is interesting that Vista is also vulnerable, it's not clear how useful the backdoor would be to an attacker because one must first gain access to the machine in order to replace the On Screen Keyboard file. Mr_Mo believes that it could be used by an inside attacker to bypass log-in on terminal servers and workstations. Microsoft executives were not immediately available to comment on the issue.

Btw. I tested it myself, and it is not just copy/paste and accepting the UAC prompt, you actually have to take ownership of the file, provide yourself with the necessary permissions. But it works. Can we expect to see the above as main page news tomorrow?

What about the vulnerability where if someone can physically gain access to the server room, they could place a bomb in it and blow the whole thing up?

Can someone please post this on the main page ASAP to inform every sys admin?

So a hacker gets physical access to my computer..
and McAfee thinks he's more likely to activate sticky keys instead of installing a backdoor, trojan or something...

yeah.. I'm sure they got all the hackers just twisting their hands to find out how to exploit this one.. oh wait apparently it's been an issue since 2000, and no one's bothered to use it yet.. gee.. I wonder why... maybe because it's not an issue...

These companies are just fear mongering because they want people to buy their "security" software. This is just lame.

TRC said,
These companies are just fear mongering because they want people to buy their "security" software. This is just lame.

The sick thing is that most people still don't get that. Both McAfee and Symantec have been in the business of spreading FUD for years. It is their business model.

Yes, but first they must convince the user to tap the Shift or Alt key repeatedly.

This reminds me of the "vulnerability" in which a sound file could be played which would make voice-recognition enabled computers do stuff remotely. Granted, the hacker would need to be sitting at the machine, clicking OK to the UAC prompts it would inevitably invoke, but whatever, it's clearly a critical security issue anyway.

They make these claims to scare "Average Joe", who by now is probably running to the closest BestBuy to get the "McAfee Super Duper Security Bundle" package for only $74.99

is this really news?

i would imagine every operating system could be compromised in this way, indeed, McAfee's own products could be compromised by replacing the various files in the program files folder with nasty versions.

perhaps McAfee should stop wasting the efforts in whining and make their products protect users better and prevent this sort of thing from happening.

i really tire of these press releases and 'security bulletins' from McAfee and Symantec worried about their market share.

it's not clear how useful the backdoor would be to an attacker because one must first gain access to the machine in order to replace the StickyKeys file

Yeah, to me you may have much worse problems on your hands if a hacker already has system access.

lmao, "StickyKeys could be misused". Has anyone ever been in a high school computer lab? All the fish make all the stupid noises with them. F---king annoying too.

BLOOP BLEEP WOOP WOOP!!

Weak!

Get this, someone could place an executable (that is really a virus) in the user's startup folder! And it would run every time the user logs on!!!

raskren said,
Weak!

Get this, someone could place an executable (that is really a virus) in the user's startup folder! And it would run every time the user logs on!!!

Exactly. Recently all of Symantec and McAfee's "vulnerability" reports go something like this: "Vista has a vulnerability in insert favorite component here!!! Of course...you need admin privileges to exploit it in the first place...but that's beside the point..."

A vulnerability is a flaw that allows an attacker to gain elevated privileges...not something that can be tampered with after you've already gotten them. Using the "security" software companies' definition, the entire OS could be called a "Vulnerability"

So, let me get this straight.

Replacing a Windows system file, then getting the user to run it.. that's the vulnerability? Wouldn't that apply to any exe file on your system? :ponder:

edit: I think I get it.. it can be launched anywhere in the OS, even in the login screen.

If someone can replace a system file, the system is already compromised; any app can be launched post login to perform mischief. Even the login credentials need not be exposed.