Windows 7 Huge Windows 7 security issue!

#1
I've searched the internet for this but it doesn't seem that anyone has written anything about it.

At Windows 7 boot while the "wait" message is displayed, just before the "enter password" appears you can press CTRL-ALT-DELETE.
This brings up the "Lock computer" choice.
If you select "cancel" you will get to the desktop directly WITHOUT ever entering the password....

This seems like a pretty big security problem. How could this be missed???
Anyone seen this?

// Addekung
 


Mitchell_A

Essential Member
#2
Has this been confirmed working?
That's some pretty serious stuff..
 


john3347

Extraordinary Member
Premium Supporter
#3
I think this is old info

> I've searched the internet for this but it doesn't seem that anyone has written anything about it.
>
> At Windows 7 boot while the "wait" message is displayed, just before the "enter password" appears you can press CTRL-ALT-DELETE.
> This brings up the "Lock computer" choice.
> If you select "cancel" you will get to the desktop directly WITHOUT ever entering the password....
>
> This seems like a pretty big security problem. How could this be missed???
> Anyone seen this?
>
> // Addekung


There was an issue similar to this that got some limited attention about the time of transition from RC to RTM. I am not sure if this is the same issue or not, but it is similar. I saw it as a HUGE security issue because it appeared to me something that could be exploited by the nighttime cleaning lady, your co-worker who works a different shift from you, and anyone else who has physical access to your computer when you are not present. I attempted to point out in a post or two in this forum what a serious security risk this vulnerability appeared to be. I was pretty much "poo-poo'd" by other forum posters for my suggestion that this could be a serious problem. I am retired and live alone and I am the sole user of my computer and if someone breaks into my house, they will have total access to the computer to steal it and take it with them and "learn my deepest secrets" by other methods so the issue didn't really affect me. I dropped my insistence that this was a vulnerability of a HUGE magnitude that you now recognize and I have heard no more about this issue until now.
 


#4
The computers and the operating systems are from December 2009. They continuously use Windows Update so this method shouldn't work.
However, the fact remains, I don't need my password to work with my computers.

I'm going to verify this with my coworkers' computers to see if it is a general problem.
I find it very strange that I don't find any info on this issue somewhere else.

One important thing to point out though, when the computer is fast, the "waiting" screen sometimes just flashes by and the opportunity to enter CTRL-ALT-DEL never appears.
On slower computers and computers that load a lot of info at startup, it always does.
 


john3347

Extraordinary Member
Premium Supporter
#5
Please report back

> The computers and the operating systems are from December 2009. They continuously use Windows Update so this method shouldn't work.
> However, the fact remains, I don't need my password to work with my computers.
>
> I'm going to verify this with my coworkers' computers to see if it is a general problem.
> I find it very strange that I don't find any info on this issue somewhere else.
>
> One important thing to point out though, when the computer is fast, the "waiting" screen sometimes just flashes by and the opportunity to enter CTRL-ALT-DEL never appears.
> On slower computers and computers that load a lot of info at startup, it always does.

For reasons described in my last post in this thread, I don't use a login password and cannot test this myself. After you do some experimenting, please report your findings back to the forum.
 


#6
No such issue here - I got 2 user accounts on the login screen so no way to fall back on a (which) desktop. There is no "waiting" here either; the screen stays black until logins come up.

Maybe only affecting single accounts?
 


#7
Yah doesn't work for me either.
 


john3347

Extraordinary Member
Premium Supporter
#9
Perhaps this whole issue is a joke dreamed up by someone with too much time on their hands and has just been circulating around the internet for the past several months!?!?!? If no one can duplicate it, it must not be much of an issue.
 


Mitchell_A

Essential Member
#10
I agree with john3347,

The only imaginable way I think it could possibly be reproduced is on a very slow system, during which the login screen goes through the several stages very sllloooowwwwlllllyyyyyy

Might have to dig out an old laptop and check it out ;)
 


Veegertx

Extraordinary Member
#11
That or someone Vlited or similar, removed too much and bang
 


Celestra

Former Moderator
#12
> I've searched the internet for this but it doesn't seem that anyone has written anything about it.
>
> At Windows 7 boot while the "wait" message is displayed, just before the "enter password" appears you can press CTRL-ALT-DELETE.
> This brings up the "Lock computer" choice.
> If you select "cancel" you will get to the desktop directly WITHOUT ever entering the password....
>
> This seems like a pretty big security problem. How could this be missed???
> Anyone seen this?
>
> // Addekung

You may have a permissions problem. There is a file that can be used to diagnose what's going on. It is called the (subinacl.exe) I would only suggest using it with a qualified "Windows Professional" because all your security data can be examined.


 



john3347

Extraordinary Member
Premium Supporter
#13
> You may have a permissions problem. There is a file that can be used to diagnose what's going on. It is called the (SubInACL.exe) I would only suggest using it with a qualified "Windows Professional" because all your security data can be examined.

So does this mean that it is conceivable that a co-worker - or the nighttime office cleaning crew - could gain unauthorized access to your password protected computer? If conceivable, is it reasonable for someone who is issued a "work" computer and must leave it unattended for some number of hours each day to be quite concerned for their sensitive information?
 


john3347

Extraordinary Member
Premium Supporter
#14
I realize this is an old - and cold - thread, but I am just now finding new documentation concerning the subject flaw. Anyone who is interested may follow the link and make what they wish of the information.

(I sincerely hope I am not offending anyone by posting this information.)

John


Win7: Security Hole 'Unfixable', Experts Say / Infopackets.com
 

