[21552] in bugtraq
Re: W2k: Unkillable Applications
daemon@ATHENA.MIT.EDU (Chad Loder)
Mon Jul 16 22:38:24 2001
Message-Id: <5.1.0.14.2.20010716175525.0454f540@pop-server.socal.rr.com>
Date: Mon, 16 Jul 2001 18:10:22 -0700
To: Thomas Zehetbauer <thomasz@hostmaster.org>
From: Chad Loder <cloder@acm.org>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20010716185921.B21654@hostmaster.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

This does sound like a bug in the Task Manager,
and maybe there are MINOR security implications
in the fact that the Task Manager tells the
administrator "This is a critical system process"
when it's not...but the fact that the system
administrator is trying to kill the process
seems to suggest that he already knows otherwise.

Had you reported this to Microsoft before posting,
I'm sure they could have told you that an administrator
can end system processes by right clicking on them and
choosing "Debug" and then ending the process. There's
a known bug in Win2k where this can result in a BSOD
(it may have been fixed; on my Win2k SP2 system, it
resulted in a console message saying "This system
will shut down in 60 seconds", followed by a controlled
restart).

Not sure what happens when you have no just-in-time
debugger installed.

Let's see more vendor notification -- it can save
the readers time, and chances are your "advisories"
would at least have more helpful details in them.

Chad Loder
Rapid 7, Inc.
chad_loder@rapid7.com

At 09:59 AM 7/16/2001, you wrote:
>You can now call your favorite trojan winlogon.exe and task manager will not
>only refuse to terminate it but will also incorrectly state that it is a
>critical system process.
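
Added example, not part of the original thread: the quoted report turns on an image name (winlogon.exe) being taken as proof of a system process, so the Python below checks critical-looking names against their expected System32 path instead of trusting the name. The name list, the C:\WINNT system root, the record fields and the sample snapshot are assumptions constructed for illustration; the list is not Task Manager's own.

```python
import ntpath

# Assumed set of image names that normally run only from <SystemRoot>\System32.
# Illustrative list, not the one Task Manager uses.
CRITICAL_NAMES = {"winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe", "services.exe"}


def _canon(path):
    """Case-fold and normalise a Windows path so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(proc, system_root=r"C:\WINNT"):
    """Return 'ok', 'masquerade' or 'unverified'; None if the name is not critical."""
    name = proc["name"].strip().lower()
    if name not in CRITICAL_NAMES:
        return None
    path = proc.get("path")
    if not path:
        # Image path unreadable (e.g. insufficient rights): cannot confirm either way.
        return "unverified"
    expected = _canon(ntpath.join(system_root, "System32", name))
    return "ok" if _canon(path) == expected else "masquerade"


def audit(snapshot, system_root=r"C:\WINNT"):
    """Return (pid, name, path, verdict) for each critical-named process that is not 'ok'."""
    findings = []
    for proc in snapshot:
        verdict = classify(proc, system_root)
        if verdict in ("masquerade", "unverified"):
            findings.append((proc["pid"], proc["name"], proc.get("path"), verdict))
    return findings


# Constructed sample snapshot (not real output from any system).
SAMPLE = [
    {"pid": 180, "name": "WINLOGON.EXE", "path": r"C:\WINNT\system32\winlogon.exe"},
    {"pid": 912, "name": "winlogon.exe", "path": r"C:\Documents and Settings\bob\winlogon.exe"},
    {"pid": 208, "name": "services.exe", "path": r"C:\WINNT\System32\..\System32\services.exe"},
    {"pid": 1044, "name": "lsass.exe", "path": None},
    {"pid": 1300, "name": "notepad.exe", "path": r"C:\WINNT\notepad.exe"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```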