Hot Keys Permissions Bypass Under XP!

Published by

NeoWin A flaw in XP's hot keys could allow non-administrative users to execute Administrator owned applications which are not usually accessible to them. Product: XP Home Edition (and others?) Vulnerability Briefing: "Hot keys" allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.

Hot keys are specially created buttons (or key combinations) to launch particular programs such as an Internet browser or word processor. Many newer keyboards have them featured, and some laptops as well.

When XP is initially booted, all hot keys are disabled until actual authentication of the administrator or first account. Once logged in, hot keys are then enabled for use, usually by the initialization of a program in the backround which assigns these hot keys.

In some cases, such as a time of idle, XP will put itself back to the login screen for security purposes. This will require users to re-authenticate to get back to their current session, whether password protected or not.

For more info go here.