Windows recovery loophole lets hackers in

By John Leyden → More by this author

12 Jun 2007 17:56

Who do want to own today?

Windows Vista may be Microsoft's most secure operating system to date, but researchers are still finding some glaring loopholes for hackers to exploit. Here is the latest: all you need is a Vista Install DVD to get admin level access to a hard drive.

The loophole arises because the Command Prompt tool in Vista's System Recovery Options fails to request user name or passwords before handing over access to PCs running the operating system. The hack, discovered by security researcher Kimmo Rousku, only works locally. Physical access to a target PC is a must. Even so, the potential for mischief (such as deleting directories or copying files on targeted PCs) is enormous. Hackers don't even necessarily need to run a DVD. "It’s easy to create a bootable USB flash memory that works in a similar way," Rousku notes.

He discovered the problem during a training workshop on Vista back in February and reported it to Microsoft at the time. Since then, Microsofti has sat on the problem, according to Rousku, so he has gone public. The hack also works on machines running other versions of Vista, providing the PCs are not protected by full disc encryption.

A write-up by Rousku explains the issue in detail and suggests workarounds.

Anti-virus firm F-Secure notes that getting into PCs running Windows XP Home is also straightforward, at least in default set-ups, using a different trick. "The Administrator account password for XP Home is blank by default and is hidden in Normal Mode. But if you select F8 during boot for Safe Mode, you can access the Administrator account and have complete access to the computer," F-Secure notes. ®

28 comments posted — Comment period finished

Track this type of story as a custom Atom/RSS feed or by email.

Microsoft security engineer makes top-10 worst jobs list (27 June 2007)
Program Names govern admin rights in Vista (23 April 2007)
Researchers unpick Vista kernel protection (4 April 2007)
Feds mandate 'secure' Windows set-up (22 March 2007)
Vista security overview: too little too late (20 February 2007)
Vista first look: Bugs and confusion (14 February 2007)
How to install a Vista upgrade on any PC (12 February 2007)
Security watchers lambast Vista (5 February 2007)
Vista encryption 'no threat' to computer forensics (2 February 2007)
MS fast-tracks Vista service pack (26 January 2007)
VeriSign offer bounty on Vista and IE7 bugs (11 January 2007)

Top 20 stories All The Week’s Headlines

Whitepapers
High Technology Manufacturers Journey to Best in Class Performance SAP for automotive suppliers Redefining FOTA deployment in EMEA Super Charge Your Salesforce

Breaking Hardware News

Nvidia throws itself under the bus with chip defect, delays and lost sales

The $200m laptop failure surprise

Nvidia issued some somber news for shareholders today, revealing a financial forecast cut short due to slowing sales, a delayed ramp for new product, and a hefty payout due to faulty laptop chips.

Get the ChannelReg newsletters

Related Whitepapers

How IT Management Can "Green" the Data Center
A Gartner Report
Solution Brief: Reduce Energy Costs
With Green IT Solutions
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
SSL in High-Security Browsers
The Browser Security Revolution
A Green Vision: Interview with VMWare CEO Diane Greene
An Interview article between the New York Stock Exchange and Diane Greene, VMWare CEO

Top Stories