Windows StickyKeys may pose security risk
- 3
- Add a Comment
Windows StickyKeys which helps disabled users type may serve as a backdoor. StickyKeys allows users to enter key combinations without having to hold and press keys simultaneously.
Vinoo Thomas of McAfee said the StickyKeys function in Windows Vista and XP can be exploited to allow a user to bypass the login system. StickyKeys is launched by pressing the ’shift’ key five times in succession. A malicious user could replace the StickyKeys executable (.exe) with a copy of the command prompt (cmd.exe) and launch the prompt by pressing the ’shift’ key five times.
Microsoft Security is once again proven trivial to defeat.
[Windows StickyKeys could pose security risk]
[tags]Windows, Microsoft Windows, Security[/tags]

3 Comments
Thom
March 27th, 2007
at 11:52am
“Microsoft Security is once again proven trivial to defeat” if you already have administrative access…
Luke Wallace
April 3rd, 2007
at 3:53pm
At least in XP, when you turn hit shift 5 times to turn on sticky keys, it prompts you to turn them on. It also tells you that you can disable this shortcut for enabling sticky keys. I just disabled my shortcut, so theoretically it’s not possible now that I’ve logged in.
Jon
April 22nd, 2007
at 2:42pm
This process (%SYSTEMROOT%\system32\sethc.exe) runs as SYSTEM, so all you need are rights to replace that file (which could be a power user), and you can gain full administrator access. This is similar to the task scheduler exploit we saw 6 months prior.