This post originated from an RSS feed registered with .NET Buzz
by Sudhakar Sadasivuni.
Original Post: Windows XP SP2 Security Center Spoofing Threat
Feed Title: {Sudhakar's .NET Dump Yard;}
Via PC Mag: Windows XP Service Pack 2 promises to raise the security bar for the sometimes beleaguered operating system. Unfortunately, one of the new features could be spoofed so that it reports misleading information about system security, or worse, lets a malicious program watch for an opportunity to do damage without being detected. The feature is the Windows Security Center (WSC), which displays the status (see the figure) of the key elements of your defenses: Firewall, Updates, and Antivirus. If your firewall has been disabled, or your antivirus is out of date, that news will display here. The information is stored in an internal database managed by the Windows Management Instrumentation (WMI) subsystem built into Windows. However, PC Mag tried to spoof it with a simple script via WMI instructions... Check the second figure...
Then... spoofed like this...
Microsoft responds... "In SP2, we added functionality to reduce the likelihood of unknown/devious applications running on a user's system, including turning Windows Firewall on by default, data execution prevention, attachment execution services to name a few. To spoof the Windows Security Center WMI would require system-level access to a PC. If the user downloads and runs an application that would allow for spoofing of Windows Security Center, they have already opened the door for the hacker to do what they want. In addition, if malware is already on the system, it does not need to monitor WSC to determine a vulnerable point of attack, it can simply shut down any firewall or AV service then attack – no WSC is necessary." Read more here
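Because WSC only displays what is recorded in WMI, a defender can cross-check those records against what is actually running. The following read-only audit is an added example, not code from the PC Mag article or this blog; it assumes Windows PowerShell 2.0 or later, the XP SP2-era `root\SecurityCenter` namespace with its `AntiVirusProduct` and `FirewallProduct` classes (names the page does not give), and a hypothetical name-matching heuristic.

```powershell
# Added example: read-only audit of Windows Security Center's WMI records.
# Assumption: XP SP2-era namespace root\SecurityCenter (not named on the page).
$ns = 'root\SecurityCenter'

# Ground truth to compare against: services that are running right now.
$running = @(Get-WmiObject -Class Win32_Service -Filter "State='Running'")

function Test-BackedByService($product) {
    # Hypothetical heuristic: the first word of the vendor or product name
    # appears in a running service's display name or binary path.
    $names = @($product.companyName, $product.displayName) |
        Where-Object { $_ -and $_.Trim() }
    foreach ($name in $names) {
        $word = [regex]::Escape(($name.Trim() -split '\s+')[0])
        foreach ($svc in $running) {
            if ($svc.DisplayName -match $word -or $svc.PathName -match $word) {
                return $true
            }
        }
    }
    return $false
}

$report = foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    $products = @(Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue)
    foreach ($p in $products) {
        # AntiVirusProduct reports onAccessScanningEnabled; FirewallProduct reports enabled.
        if ($class -eq 'AntiVirusProduct') { $claimsOn = $p.onAccessScanningEnabled }
        else { $claimsOn = $p.enabled }
        New-Object PSObject -Property @{
            Class    = $class
            Product  = $p.displayName
            ClaimsOn = $claimsOn
            Backed   = (Test-BackedByService $p)
        }
    }
}

# A product WSC shows as active with no matching running service deserves a closer look.
$suspect = @($report | Where-Object { $_.ClaimsOn -and -not $_.Backed })
if ($suspect.Count -gt 0) {
    $suspect | Format-Table Class, Product, ClaimsOn, Backed -AutoSize
} else {
    Write-Output 'No mismatch between WSC records and running services.'
}
```

A flagged row is a prompt to investigate, not proof of tampering: a legitimate product whose service name shares no word with its registered vendor or product name will also be listed.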