<<< Date Index >>>     <<< Thread Index >>>

Local persistent DoS in Windows XP SP2 Taskmgr



Dear list,

after weeks of total ignorance by Microsoft I decided to finally release all information related to a bug, that has to do with the Windows XP SP2 Taskmanager. Manipulating a Registry key makes it possible to disable the Taskmgr. On the next startup it will crash with an error message. It is possible to backup the key and repair the Registry doing so, but the attack scenario is clear: A virus uses this code, the user can't open the Taskmgr anymore
and your process is somehow "hidden".

The full information about this bug, can be found here:
http://core-security.net/archive/2008/march/index.php#14032008

And the exploit is available here:
http://core-security.net/releases/exploits/taskmgr_dos.c.txt

Greets,
SkyOut

---
core-security.net
---