14 DAY TRIAL // McAfee has been hard at work prodding and poking Windows Vista, and they have come up with a vulnerability to StickyKeys backdoors. The flaw that Vinoo Thomas, a McAfee researcher has raised the alarm over, appears to be a case similar to the Windows Vista Speech Recognition vulnerability. That is to say, a non-issue.
StickyKeys is an accessibility feature that is not new to Windows Vista. Its role is to compensate for dexterity difficulties and impairments, or as McAfee has put it, to provide help for the handicapped users. The feature becomes activated when a user presses the modifier key, usually Shift, which remains active until another key is pressed.
"Windows Vista does not check the integrity of the file that launches StickyKeys "c:/windows/system32/sethc.exe" before executing it. Which means you could replace it with another executable and run it by depressing the shift key five times. A popular replacement is "cmd.exe." After replacement, one could invoke this command prompt at the login prompt without the need to authenticate," Thomas explained.
McAfee revealed that Windows 2000 and Windows XP are also vulnerable. But the fact of the matter is that in order to exploit this flaw, an attacker would not only need to have administrator privileges but also actual access to the machine. Thomas argues that an attacker will always find a way, and while this is true, it contributes with nothing to the fact that this vulnerability is as far from severe as possible.
"Another alarming feature of this backdoor is that an attacker can use this method to bypass login on terminal servers and workstations with the remote desktop enabled. Since no third-party tools are being installed on the system and we are using Microsoft's own files to achieve this, it will be difficult to detect for a typical administrator," Thomas added.