A friend of mine was temporarily banned from the computers at my school a while ago after he accidentially found a way into Task Manager, which is disabled on our network. He has had his permissions restored now, but has no idea why he got banned in the first place. However, recently he explained what he did to me, and I tested it. I soon found out that, by accident, we had both discovered that there is a Security Exploit in networking Windows XP Professional.

The exploit is to do with network permissions. Windows XP recieves the permission data from the network as soon as someone attempts to login to the network. However, providing the account was valid, it will not apply these permissions until the account is logged in entirely. Unfortunately, while XP is in the process of dealing with this, the user in question is able to press Control-Alt-Delete and access their account options.

Seeing as how, by this point, the login will have not completed, the user would not have any permissions disabled. Therefore, he is still able to do things such as change his password (disabled on some networks), and, even more worryingly, access the task manager.

This is a security exploit, as use of Task Manager on a network is known to be dangerous, due to the ability to stop processes critical to the network. It also allows the user to logout other people from the network.

Permissions will still be loaded while Task Manager is open, however, so if the user quits Task Manager he will not be able to access it again without logging out and back in again to try and replicate the exploit. It is intresting to see, however, that while the networks, by default, block access to Task Manager unless you are an Admin, it does not block anyone from doing anything in it. So anyone who finds a way in, has a golden ticket to michief.

What will Windows do now that such an exploit has been discovered? Only time will tell.

(Bill Gates, if you are reading this, can you please be more careful with security from now on?)

Thanks for reading this.

Actually, you cannot do much to the network with access to Task Manager, due to other permissions in the Windows OS. Accessing the Task Manager is not a very seroius issue because if you end some processes you can only affect the PC that you are using and not other PC's on the network.

This is not a serious issue that Microsoft should be worried about because access to the Task Manager poses minimal risk to a network, rather its the processes that you run that will affect a network. By default, the permissions of the PC before anyone logs in are set to minimum (In your case the level of a student). A person cannot have total rights over the network without logging in as an admin.



This could also serve as a debug tool for admins, tech-support staff if the particular system is having problems logging in to the network.



I'm sure he's reading the! Trap17 forums