Re: Windows Vista Power Management & Local Security Policy

To: me@xxxxxxxxxxxxxxx
Subject: Re: Windows Vista Power Management & Local Security Policy
From: "William A. Rowe, Jr." <wrowe@xxxxxxxxxxxxx>
Date: Fri, 01 Aug 2008 15:43:56 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <000f01c8e87f$a08b3f30$e1a1bd90$@com>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <000f01c8e87f$a08b3f30$e1a1bd90$@com>
User-agent: Thunderbird 2.0.0.14 (X11/20080501)

Abe Getchell wrote:

When the security option "Shutdown: Allow system to be shutdown without
having to log on" (in the local security policy) is set to "Disable", and
the power management setting "When I press the power button" is set to "Shut
Down", it is possible for an unauthenticated user to press the power button
at the Windows logon screen and gracefully shutdown the system.


It is also possible for the unauthenticated user to unplug the power cord.
What would you like them to do about that?

I reported this to the MSRC on 6/25/2008 and their stance was that this
wasn't a security vulnerability


Good call.

Now, if for some reason a remote user was able to obtain a 'local user'
login screen, that would be a serious issue.  Physical access to the box
trumps most security measures we are able to apply.

References:
- Windows Vista Power Management & Local Security Policy
  - From: Abe Getchell

Prev by Date: Re: how to request a cve id?
Next by Date: [ MDVSA-2008:160 ] libxslt
Previous by thread: RE: Windows Vista Power Management & Local Security Policy
Next by thread: RE: Windows Vista Power Management & Local Security Policy
Index(es):
- Date
- Thread