Local persistent DoS in Windows XP SP2 Taskmgr
Dear list,
after weeks of total ignorance by Microsoft I decided to finally
release all information
related to a bug, that has to do with the Windows XP SP2 Taskmanager.
Manipulating
a Registry key makes it possible to disable the Taskmgr. On the next
startup it will crash with
an error message. It is possible to backup the key and repair the
Registry doing so, but
the attack scenario is clear: A virus uses this code, the user can't
open the Taskmgr anymore
and your process is somehow "hidden".
The full information about this bug, can be found here:
http://core-security.net/archive/2008/march/index.php#14032008
And the exploit is available here:
http://core-security.net/releases/exploits/taskmgr_dos.c.txt
Greets,
SkyOut
---
core-security.net
---