Windows 7 Forums

Windows 7: Researchers show how to take control of Windows 7

25 Apr 2009   #1

Windows 7 SP1 Ultimate 64bit
Researchers show how to take control of Windows 7

Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.
Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack cannot be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.
VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.
The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

25 Apr 2009   #2

Vista Ult 64bit - Windows 7 Ult 7264 64bit

Hi Cartel

Not new news but still relevant I guess. The only problem with that exploit is that the attacker HAS to have physical access to the machine as it cannot be run remotely to install, and it's only memory resident, so a simple reboot fixes it unless the attacker uses the opportunity to install some other backdoor while they have the system compromised. And that part should be picked up by a good AV's heuristics & firewall with good user notification of new processes asking for access.

As a "Proof of Concept", they're trying to make a point to MS about the boot process, but those attacks are severely limited in scope due to the fact that to compromise the boot process, the attacker has to have access to the machine.