Local persistent DoS in Windows XP SP2 Taskmgr

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Local persistent DoS in Windows XP SP2 Taskmgr
From: SkyOut <skyout@xxxxxxx>
Date: Fri, 14 Mar 2008 20:47:50 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Dear list,

after weeks of total ignorance by Microsoft I decided to finallyrelease all informationrelated to a bug, that has to do with the Windows XP SP2 Taskmanager.Manipulatinga Registry key makes it possible to disable the Taskmgr. On the nextstartup it will crash withan error message. It is possible to backup the key and repair theRegistry doing so, butthe attack scenario is clear: A virus uses this code, the user can'topen the Taskmgr anymore

and your process is somehow "hidden".

The full information about this bug, can be found here:
http://core-security.net/archive/2008/march/index.php#14032008

And the exploit is available here:
http://core-security.net/releases/exploits/taskmgr_dos.c.txt

Greets,
SkyOut

---
core-security.net
---

Follow-Ups:
- RE: Local persistent DoS in Windows XP SP2 Taskmgr
  - From: Thor (Hammer of God)
- Re: Local persistent DoS in Windows XP SP2 Taskmgr
  - From: paraw

Prev by Date: Black Hat Announcements: New CFP system and Japan '08 confirmed
Next by Date: [SECURITY] [DSA 1516-1] New dovecot packages fix privilege escalation
Previous by thread: Black Hat Announcements: New CFP system and Japan '08 confirmed
Next by thread: Re: Local persistent DoS in Windows XP SP2 Taskmgr
Index(es):
- Date
- Thread