Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Why hasn't M$ patched the "sticky keys exploit"?

18 Apr 2017   #1
Jake1702

Microsoft Windows 7 Professional x64
 
 
Why hasn't M$ patched the "sticky keys exploit"?

Has anyone else wondered, why up to now, even since Windows 10 came out, Microsoft has not patched/stopped the "sticky keys exploit" or many other executables for that matter?

For who's wondering what the heck I'm talking about, this exploit is replacing the "sethc.exe" file, (or various others like osk for the on-screen keyboard) which is the sticky keys prompt that appears when you hit shift 5 times, with a copy of the command prompt executable. Then, when you first boot the computer, at the login screen, you open it, which brings up an elevated command prompt which can be used to change passwords or make a user an administrator, and many other things.

If I'm correct, this has been there since Windows XP right? You'd think such a well-known exploit would be patched, as this could be extremely detrimental to more professional organizations especially. So, why is it still there?



(Also sorry for this post being disorganised and jumbled)
My System SpecsSystem Spec
18 Apr 2017   #2
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

The particular file you mention - sthc.exe - by default has highly restricted access in Win7, and only TrustedInstaller has the rights to delete it or replace it. All other users have only read and Execute permissions.

Since the 'exploit' pretty much requires the active intervention of a locally-logged-in user, then it's extremely unlikely that anything will be done about it, as nothing can protect the system from a determined local hacker.
My System SpecsSystem Spec
18 Apr 2017   #3
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

Why would they fix it those exploits as you call them require that someone has to boot the computer with another OS and manually change the name of one file and replace it with another file. Then after booting the computer at the logon screen you have to type a few dos commands to add a new admin account.

If someone has physical access to a computer with enough time most security precautions go out the Window, Besides I actually call it a feature of Windows incase you forget the password.

I have forgotten a password and have done it at least once that I remember on Win 7, And ya it does still work even on Win 10.
My System SpecsSystem Spec
.

18 Apr 2017   #4
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

Quote   Quote: Originally Posted by Jake1702 View Post

If I'm correct, this has been there since Windows XP right? You'd think such a well-known exploit would be patched, as this could be extremely detrimental to more professional organizations especially. So, why is it still there
The more professional organizations have a solution for this, They make it impossible using the BIOS
My System SpecsSystem Spec
20 Apr 2017   #5
Jake1702

Microsoft Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by sml156 View Post
Why would they fix it those exploits as you call them require that someone has to boot the computer with another OS and manually change the name of one file and replace it with another file. Then after booting the computer at the logon screen you have to type a few dos commands to add a new admin account.

If someone has physical access to a computer with enough time most security precautions go out the Window, Besides I actually call it a feature of Windows incase you forget the password.

I have forgotten a password and have done it at least once that I remember on Win 7, And ya it does still work even on Win 10.
Not true, on Windows 7 (Not sure about newer versions) it is possible to rename the files via startup repair. And considering that is the most widely used version in the corporate world as well, it means anyone who has a bit of time could easily get on to the computer and rename it even if seperate OS booting is disabled. I feel like it may also be possible even in Windows 10 via the recovery menu, which gives you a command prompt.
My System SpecsSystem Spec
21 Apr 2017   #6
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

The operative phrase here is 'physical access'.
Once you are sat in front of a computer there is very little you can't do to it. There is no security program/device that is 100% proof against physical access, and once you have that, then all bets are off.

There is simply no point in 'fixing' something that can't be prevented.
My System SpecsSystem Spec
21 Apr 2017   #7
Jake1702

Microsoft Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by NoelDP View Post
The operative phrase here is 'physical access'.
Once you are sat in front of a computer there is very little you can't do to it. There is no security program/device that is 100% proof against physical access, and once you have that, then all bets are off.

There is simply no point in 'fixing' something that can't be prevented.
I understand. But what troubles me is the fact that Microsoft has not even said anything about it afaik.
My System SpecsSystem Spec
21 Apr 2017   #8
sml156

Microsoft Windows 7 Ultimate 32-bit 7601
 
 

Quote   Quote: Originally Posted by Jake1702 View Post
I understand. But what troubles me is the fact that Microsoft has not even said anything about it afaik.
It's obvious you you don't understand. If someone has access and time all bets are off.

I don't know about Mac OS but I'm sure there is a way.

I do know that if you forget your password in Linux if you have Physical access to the computer you can add a an admin account and log on with that.
My System SpecsSystem Spec
21 Apr 2017   #9
mjf

Windows 7x64 Home Premium SP1
 
 

It doesn't have to be "sticky keys" it could be other exes. The point I think is that this is such a very simple exploit requiring little technical skill.
My System SpecsSystem Spec
22 Apr 2017   #10
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

...but it DOES pretty much require that you are sitting at the keyboard - and once that happens, no system is secure.
My System SpecsSystem Spec
Reply

Thread Tools


Similar help and support threads
Thread Forum
Kyboard deos not respond to the keys: "e", "d", "c" and "3"
Example sentence: vrytim I prss ths kys, nothing happns. Now I'm writing with my on-sreen keyboard. I'm clueless when it comes to computer stuff. How do I fix this? Is this a software problem, or a hardware problem?Help is much appreciated!
Hardware & Devices
When holding ctrl - left click'n'hold is sometimes "sticky"...
Let me explain: if I keep ctrl button pressed and then click and drag with left mouse button (selecting text or using photoshop) this drag is sometimes "sticky" - when I finally release the mouse button system does not stop dragging. It behaves as I would still hold the left mouse button...
General Discussion
Add "New->Sticky Note" to desktop context menu?
There are a few things MS seem to be missing the point on in Windows 7. One is the ability to quickly stick a note on the desktop by right-clicking and going to "New->Sticky Note". I remember adding something to the "New" menu in XP some time back so I'm wondering if there's a way to do this.
Customization
Keyboard large "Enter and Backspace" and "stiff" keys
I broke one of the "feet" on my old E-Machines PS/2 keyboard I have used for years and like. I also use one at work that's pretty close to the same layout. I am looking everywhere for a keyboard with a large "enter" and "backspace" I can't find one. I don't care if it's USB or PS/2 but hate the...
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:54.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App