Re: Windows Vista Power Management & Local Security Policy

From: William A. Rowe, Jr. (wrowerowe-clan.net)
Date: Fri Aug 01 2008 - 15:43:56 CDT


Abe Getchell wrote:
> When the security option "Shutdown: Allow system to be shutdown without
> having to log on" (in the local security policy) is set to "Disable", and
> the power management setting "When I press the power button" is set to "Shut
> Down", it is possible for an unauthenticated user to press the power button
> at the Windows logon screen and gracefully shut down the system.

It is also possible for the unauthenticated user to unplug the power cord.
What would you like them to do about that?

> I reported this to the MSRC on 6/25/2008 and their stance was that this
> wasn't a security vulnerability

Good call.

Now, if for some reason a remote user was able to obtain a 'local user'
login screen, that would be a serious issue. Physical access to the box
trumps most security measures we are able to apply.
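
For administrators who want to see whether a machine has the combination of settings described in the quoted report, the following is an added example and is not part of the original thread. It assumes the policy is stored as the `ShutdownWithoutLogon` value under the standard `Policies\System` registry key and that the `powercfg` aliases `SUB_BUTTONS` and `PBUTTONACTION` are available; the function names are hypothetical.

```powershell
# Added example (not from the thread): flag the case where the logon-screen
# shutdown policy is Disabled but the power button still maps to "Shut down".
function Test-PowerButtonShutdownGap {
    param(
        [Parameter(Mandatory)] [int]   $ShutdownWithoutLogon,  # 0 = Disabled, 1 = Enabled
        [Parameter(Mandatory)] [int[]] $PowerButtonAction      # AC, then DC index; 3 = Shut down
    )
    $names   = @{ 0 = 'Do nothing'; 1 = 'Sleep'; 2 = 'Hibernate'; 3 = 'Shut down' }
    $sources = @('AC', 'DC')
    for ($i = 0; $i -lt $PowerButtonAction.Count; $i++) {
        $action = $PowerButtonAction[$i]
        $label  = if ($names.ContainsKey($action)) { $names[$action] } else { "Other ($action)" }
        [pscustomobject]@{
            PowerSource    = if ($i -lt 2) { $sources[$i] } else { "Index $i" }
            ButtonAction   = $label
            PolicyDisabled = ($ShutdownWithoutLogon -eq 0)
            # True when the two settings disagree, as in the quoted report
            Mismatch       = ($ShutdownWithoutLogon -eq 0 -and $action -eq 3)
        }
    }
}

function Get-LivePowerButtonSettings {
    # Reads the real values; run from an elevated prompt on the machine being checked.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name ShutdownWithoutLogon `
                -ErrorAction SilentlyContinue).ShutdownWithoutLogon
    if ($null -eq $val) { throw 'ShutdownWithoutLogon is not set in the registry.' }
    # The only 0x-prefixed values in this output are the current AC and DC indexes.
    $idx = powercfg /query SCHEME_CURRENT SUB_BUTTONS PBUTTONACTION |
        Select-String -Pattern '0x([0-9a-fA-F]{8})' |
        ForEach-Object { [Convert]::ToInt32($_.Matches[0].Groups[1].Value, 16) }
    if (-not $idx) { throw 'Could not read the power button action from powercfg.' }
    Test-PowerButtonShutdownGap -ShutdownWithoutLogon $val -PowerButtonAction @($idx)
}

# Constructed sample input: policy Disabled, button = Shut down on AC, Sleep on battery.
Test-PowerButtonShutdownGap -ShutdownWithoutLogon 0 -PowerButtonAction 3, 1 | Format-Table

# On a live system:
# Get-LivePowerButtonSettings | Format-Table
```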