Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Why hasn't M$ patched the "sticky keys exploit"?

22 Apr 2017   #11
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Because this infection needs help from the person using the mouse and keyboard their is no way to make a 'KB' to stop this problem from occurring if the user gives help.
With user help just about any infection can enter a computer system.

Jack
My System SpecsSystem Spec
22 Apr 2017   #12
mjf

Windows 7x64 Home Premium SP1
 
 

Take as an example a school lend out laptops to students but don't want them to have administration access.
You could make it a little more difficult.
1) use a BIOS password to control any live boots
2) apply physical seals to the PC so you at least know if you have been compromised. With physical access to the hard drive all bets are off. In the student example you apply penalties. OEMs used to do this and breaking the seal voided your warranty.
3) You need better control of the F8 (or whatever key applies) repair function. This needs to be password controlled or maybe just the command prompt access. A KB could probably do this but do the majority of people want it - probably not.
My System SpecsSystem Spec
23 Apr 2017   #13
Alejandro85

Windows 7 Ultimate x64
 
 

There is a fundamental flaw in the logic of your post: you assume that Microsoft, as Windows developer, can do anything about it. This is not the case.

The main thing you need to understandis that this technique requires you to run an external operating system while Windows is not running. Tampering from the outside isn't a thing that the OS itself can prevent, as it's not running at all.
It doesn't have to be "sticky keys" specifically, using the same procedure you can read or change anything in the system, those executables at login, replace some fundamental kernel component with something malicious, install malware, view every data file and modify everything, add or remove startup programs, literally anything can be done this way.
Moreover, this "exploit" isn't actually anything against Windows. You can do the same on Linux. You can do the same on MacOSX. The key thing is that once an OS shuts down, it can no longer protect itself, no matter what, any OS is suseptible to the same techiniques.

This isn't a vulnerability of Windows at all. It's an inherent consequence of letting someone to have physical access to your computer, that's something that any security expert knows and you can only mitigate it somewhat. Microsoft itself written about it in the article "Ten Immutable Laws Of Security", mentioning that there is no patch about it. In particular, laws 2 and 3 apply here
Quote:
Law #2: If a bad guy can alter the operating system on your computer, itís not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, itís not your computer anymore.
So what can you do about it? First and foremost, prevent physical access to anyone you don't trust. Without the chance to run another OS, this exploit isn't possible. Another mitigation technique is to use full disk encryption. Windows includes BitLocker in its higher editions and better open source options like VeraCrypt also exist. By encrypting the whole hard disk, it's no longer possible to tamper with the installed OS from the outside, without knowing the encryption password. An attacker could still only delete the whole thing, cause random damage or copy the full disk for offline cracking, but not change specific files knowing what he is doing.
My System SpecsSystem Spec
.

23 Apr 2017   #14
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Here a patch for this exploit ...

Why hasn't M$ patched the "sticky keys exploit"?-1ccc77c812e6dc4ae81ec53fe617f9f1.jpg

But always make sure you properly bolt the unit to the floor - and of course keep it in a secure locked room ...


And this is not a joke, it's the sort of protection that is required from physical threats


My System SpecsSystem Spec
23 Apr 2017   #15
mjf

Windows 7x64 Home Premium SP1
 
 

Quote   Quote: Originally Posted by Alejandro85 View Post
There is a fundamental flaw in the logic of your post: you assume that Microsoft, as Windows developer, can do anything about it. This is not the case.
I never said a solution was MS/Windows alone. I also said you can make the exploit "a little more difficult" not foolproof.
You have to prevent running a separate OS and it is stated in point 1) - control live boots with BIOS password protection can stop an intruder booting from an external device.
When you hit the appropriate repair key (often F8) you are using winre.wim under the recovery folder of the operating system partition and this launches the recovery environment - not Windows. This is also a separate OS that MS strictly speaking can change. The recovery environment gives you access to a command prompt so you can rename many exes apart from sticky keys.

There is a flaw and you haven't picked it. MS would probably need to change winre.wim on existing systems which is not a simple fix.

Here is the secure cabinet exploit
Why hasn't M$ patched the "sticky keys exploit"?-crowbar-007.jpg


My System SpecsSystem Spec
23 Apr 2017   #16
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Physical protection is an artform in itself

There are multiple layers of physical security just as there are with electronic security - In both systems The number of layers depends on the value of the data. In some i've worked with you are talking about military grade physical security on top of security services grade electronic defences. It gets to a level where if you break even a low level physical security measure, then all data on the protected system is wiped plus you are likely to be shot

It was always fun to be escorted by two guys carrying machine guns just to change out a dodgy network card
My System SpecsSystem Spec
23 Apr 2017   #17
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Must be a very costly network card.
Parts and labor combined.

What is the Microsoft KB security patch number for machine guns?

C-4 would work but it's a bit noise and does make a bit of a mess.

Jack
My System SpecsSystem Spec
23 Apr 2017   #18
Alejandro85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by mjf View Post
I never said a solution was MS/Windows alone. I also said you can make the exploit "a little more difficult" not foolproof.
I never said you said anything, I haven't even quoted you
That "a little more difficult" only adds security though obscurity, not real security at all, as the exploit is still possible. Full disk encryption is the only way I can think of that can prevent it, and it still can be defeated with physical access.


Quote   Quote: Originally Posted by mjf View Post
You have to prevent running a separate OS and it is stated in point 1) - control live boots with BIOS password protection can stop an intruder booting from an external device.
When the attacker has physical access, you cannot prevent him from booting an external OS. He can simply clear the CMOS and delete that password, then allow everything to run.


Quote   Quote: Originally Posted by mjf View Post
When you hit the appropriate repair key (often F8) you are using winre.wim under the recovery folder of the operating system partition and this launches the recovery environment - not Windows. This is also a separate OS that MS strictly speaking can change.
True, and MS can change it. However, that's not the only external OS that can be used to tamper Windows. A Linux-based OS boot CD, the Windows installation CD, another OS on a second partition or put the disk in another system, all those can be used in exactly the same way, so you can't simply prevent it by "patching" the recovery environment.


Quote   Quote: Originally Posted by mjf View Post
Here is the secure cabinet exploit
Attachment 398241

It remembers me of the XKCD security problem:
My System SpecsSystem Spec
23 Apr 2017   #19
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Jack, in business the hardware is irrelevant it's the data that's costly or even the raw materials

One of the worst places for security that I've worked at is a Mint, where they made all Uk and a lot of european coinage and surprisingly the printers where they made the special hologrammed Windows Licence COAs, Wimbledon Tennis Tickets, and all because their other plant that did the currency printing
My System SpecsSystem Spec
23 Apr 2017   #20
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Nigel, for a bad guy to get physical access to my computer and data they would have to get past Helen, my guard cat.
I had a picture of Helen with a AR-15 but they removed it from the forum.
Somebody doesn't like cats.

Jack
My System SpecsSystem Spec
Reply

Thread Tools


Similar help and support threads
Thread Forum
Kyboard deos not respond to the keys: "e", "d", "c" and "3"
Example sentence: vrytim I prss ths kys, nothing happns. Now I'm writing with my on-sreen keyboard. I'm clueless when it comes to computer stuff. How do I fix this? Is this a software problem, or a hardware problem?Help is much appreciated!
Hardware & Devices
When holding ctrl - left click'n'hold is sometimes "sticky"...
Let me explain: if I keep ctrl button pressed and then click and drag with left mouse button (selecting text or using photoshop) this drag is sometimes "sticky" - when I finally release the mouse button system does not stop dragging. It behaves as I would still hold the left mouse button...
General Discussion
Add "New->Sticky Note" to desktop context menu?
There are a few things MS seem to be missing the point on in Windows 7. One is the ability to quickly stick a note on the desktop by right-clicking and going to "New->Sticky Note". I remember adding something to the "New" menu in XP some time back so I'm wondering if there's a way to do this.
Customization
Keyboard large "Enter and Backspace" and "stiff" keys
I broke one of the "feet" on my old E-Machines PS/2 keyboard I have used for years and like. I also use one at work that's pretty close to the same layout. I am looking everywhere for a keyboard with a large "enter" and "backspace" I can't find one. I don't care if it's USB or PS/2 but hate the...
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:03.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App