Windows Security: Hacked in 60 Seconds

This is how long it takes (minus boot times) to get a command prompt in the latest version of Windows with all of the security patches updated and an anti-virus program installed, if you have physical access to the system. And this is not any old command prompt, this is a command prompt as the user “system”. If you know windows security, then you know that the “system” user is the highest level of authority that you can have. The operating system thinks you are the internal “system”.

This hack requires physical access to the system and access to a DVD or USB drive. This hack is obtained by the manipulation of the Windows Hot-Keys. This hack has been around (and known) since Windows XP and still works in the latest release of Windows 7. Because it is a manipulation of a windows service, it has never been patched. And in case you were going to ask, no, I will not show you how to do it. 

This hack also works in Windows Server products. Therefore, it is imperative to keep physical security as a top concern in your business. Make sure that your server is in an area that is not available to public traffic and preferably in a locked room. Take extra care with your laptops. Do not leave them in areas that are unattended.

It is always a good idea to disable services that are not needed. Unfortunately, disabling the Windows hot-keys is not well documented. With Windows 7, unless you want to mess around in the registry, Microsoft recommends a third-party program to tweak these settings. PCtools has a program that allows you to do this. Supposedly you can also do this with a Windows policy edit, but I have not seen this documented either.

Enabling boot passwords helps, but they can also be bypassed. The best policy to defend against this type of attack is to have strong physical security.