Fourteen privileges that can be abused in Windows 2000, Part 2
You read in the last installment about how Windows 2000 assigns privileges (user rights) to users and groups. We outlined 7 of the 14 privileges that can be abused in Windows 2000. Here is part two of this article, courtesy of Roberta Bragg, which lists the remaining privileges to watch out for.
For each privilege the entry gives its default assignment in Windows 2000, its intended use, and how it can be abused.

8. Increase scheduling priority
Default assignment: Administrators
Use: Scheduling priorities ensure that more important processes get a larger share of processor time while every process still gets some. Scheduling is under the control of the OS; this privilege lets a user raise the priority of a process, for example from the Processes tab of Task Manager.
Abuse: Raising a process to a high priority (such as Realtime) can starve the rest of the system, including the OS itself, of processor time. The result is a hung or crashed machine, which is a denial of service.

9. Load and unload device drivers
Default assignment: Administrators
Use: Install and uninstall Plug and Play device drivers. (Non-Plug and Play device drivers can be installed only by Administrators.)
Abuse: Device drivers run in kernel mode, where no access checks apply to them. A hostile driver loaded by a user who holds this privilege therefore has unrestricted, potentially destructive access to every resource on the system.

10. Log on as a batch job
Default assignment: none listed
Use: Allows an account to be logged on through a batch queue facility, such as the Task Scheduler service, so that it can run a process in the background with no interactive user, for example a nightly bank reconciliation job.
Abuse: Any privilege that allows background processing should be carefully controlled, because it lets someone insert Trojans and remote management processes that run without the administrator's knowledge.

11. Manage auditing and security log
Default assignment: Administrators
Use: Select which objects are audited for access. Objects include files, folders, registry keys, etc. View and clear the Security log.
Abuse: Reading the Security log tells an attacker what activity on the system has been recorded, so he knows whether he is being tracked. If he can clear the Security log, he can effectively erase any record of his being on the system. (Clearing the log is itself recorded as a single event, "The audit log was cleared", Event ID 517 in Windows 2000, so watch for that event and keep copies of the log off the machine.)

12. Replace a process level token
Default assignment: none listed
Use: Allows a process to replace the primary access token of a child process it creates. The token attached to a process carries the identity and authorization rights (group memberships and privileges) of that process.
Abuse: See the related privilege "Create a token object" in Part 1. A process that can obtain a token for another account and assign it to a child process can run code under that account's identity, with all of its rights.

13. Shut down the system
Default assignment: W2K Professional: Users, Power Users, Backup Operators, Administrators. W2K Server/Advanced Server: Administrators, Backup Operators, Power Users.
Use: Shut down the local operating system. (The separate right "Force shutdown from a remote system" allows remote shutdown.)
Abuse: Many attacks can circumvent system protection if the attacker can shut down the system and restart it under the control of an alternative OS, which reads the disk without any of the Windows access checks. A shutdown of a server is also a denial of service in itself.

14. Take ownership of files or other objects
Default assignment: Administrators
Use: Take ownership of objects that one does not own. Administrators need this privilege to regain control of orphaned files, folders and other resources.
Abuse: The owner of an object can always change its permissions, so a user with this right can gain access to ANY object (any file, folder, directory object, registry key, printer, process, thread, etc.) by taking ownership of it and then granting himself access. Such a user effectively owns the system on which he has this right; in the purest sense of the word own, he can do anything with the system and its resources. This privilege has the potential for severe abuse. (The change of owner is visible in the object's security properties, so taking ownership is not silent.)
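The table above is only useful if you know who actually holds these rights on a given machine. The following PowerShell is an added example, not code from the article or from Roberta Bragg's materials: it parses the [Privilege Rights] section of a security template exported with `secedit /export`, maps the seven privilege constants covered in this part back to the names used above, resolves the SIDs to account names, and flags every holder that is not in the article's Windows 2000 Professional default list. The function names `Get-PrivilegeHolders` and `Convert-SidToName`, the baseline table, and the sample template `$SampleInf` (with a made-up domain SID) are all assumptions constructed for the example; Windows 2000 has no PowerShell, so copy the exported .inf to a modern workstation and run the script there.

```powershell
# Added example, not from the original article: audit which accounts hold the
# seven user rights covered in this part on a Windows host. It parses the
# [Privilege Rights] section of a security template exported by secedit, which
# lists each right as   <constant> = *<SID>,*<SID>,...
#
# On the target host:   secedit /export /cfg C:\temp\rights.inf
# then:                 Get-PrivilegeHolders -InfPath C:\temp\rights.inf
# $SampleInf below is constructed test data so the function can be tried offline.

# Constant names the Local Security Policy uses for privileges 8-14.
$WatchedRights = [ordered]@{
    'SeIncreaseBasePriorityPrivilege' = 'Increase scheduling priority'
    'SeLoadDriverPrivilege'           = 'Load and unload device drivers'
    'SeBatchLogonRight'               = 'Log on as a batch job'
    'SeSecurityPrivilege'             = 'Manage auditing and security log'
    'SeAssignPrimaryTokenPrivilege'   = 'Replace a process level token'
    'SeShutdownPrivilege'             = 'Shut down the system'
    'SeTakeOwnershipPrivilege'        = 'Take ownership of files or other objects'
}

# Baseline (an assumption for this example): the Windows 2000 Professional defaults
# from the article, by well-known SID (544 Administrators, 545 Users, 547 Power
# Users, 551 Backup Operators). Rights the article lists no default for get an
# empty baseline, so every holder is reported. Adjust for Server or later Windows.
$DefaultHolders = @{
    'SeIncreaseBasePriorityPrivilege' = @('S-1-5-32-544')
    'SeLoadDriverPrivilege'           = @('S-1-5-32-544')
    'SeBatchLogonRight'               = @()
    'SeSecurityPrivilege'             = @('S-1-5-32-544')
    'SeAssignPrimaryTokenPrivilege'   = @()
    'SeShutdownPrivilege'             = @('S-1-5-32-544', 'S-1-5-32-545', 'S-1-5-32-547', 'S-1-5-32-551')
    'SeTakeOwnershipPrivilege'        = @('S-1-5-32-544')
}

function Convert-SidToName {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Sid   # unresolvable: foreign domain, deleted account, or not running on Windows
    }
}

function Get-PrivilegeHolders {
    param(
        [string]$InfPath,     # file written by secedit /export (UTF-16 with BOM; Get-Content handles it)
        [string[]]$InfText    # or the template's lines passed directly
    )
    if ($InfPath) { $InfText = Get-Content -Path $InfPath }

    # Collect <right> -> list of SIDs/names from the [Privilege Rights] section only.
    $assigned = @{}
    $inSection = $false
    foreach ($line in $InfText) {
        $l = $line.Trim()
        if ($l -match '^\[(.+)\]$') { $inSection = ($matches[1] -eq 'Privilege Rights'); continue }
        if (-not $inSection -or $l -eq '' -or $l.StartsWith(';')) { continue }
        $name, $value = $l -split '=', 2
        if ($null -eq $value) { continue }
        $holders = @()
        foreach ($h in ($value -split ',')) {
            $h = $h.Trim()
            if ($h -eq '') { continue }
            if ($h.StartsWith('*')) { $h = $h.Substring(1) }   # '*' prefix marks a SID; plain text is a name
            $holders += $h
        }
        $assigned[$name.Trim()] = $holders
    }

    # One row per holder of each watched right, flagged when outside the baseline.
    foreach ($right in $WatchedRights.Keys) {
        $holders = if ($assigned.ContainsKey($right)) { $assigned[$right] } else { @() }
        if ($holders.Count -eq 0) {
            [pscustomobject]@{ Privilege = $WatchedRights[$right]; Holder = '(nobody)'; Sid = ''; BeyondDefault = $false }
            continue
        }
        foreach ($sid in $holders) {
            [pscustomobject]@{
                Privilege     = $WatchedRights[$right]
                Holder        = Convert-SidToName $sid
                Sid           = $sid
                BeyondDefault = -not ($DefaultHolders[$right] -contains $sid)
            }
        }
    }
}

# Constructed sample template: a domain account (made-up SID) has been granted
# driver loading and the Users group has been granted batch logon; both get flagged.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544,*S-1-5-21-1000000000-2000000000-3000000000-1107
SeBatchLogonRight = *S-1-5-32-545
SeSecurityPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551
SeTakeOwnershipPrivilege = *S-1-5-32-544
'@ -split "`r?`n"

Get-PrivilegeHolders -InfText $SampleInf | Where-Object BeyondDefault | Format-Table -AutoSize
```

Drop the `Where-Object BeyondDefault` filter to see every holder, including rights nobody holds. Rights that are absent from the exported template are reported as held by nobody, which is the state you want for "Replace a process level token" on a Windows 2000 workstation; on later Windows versions the service accounts hold it by design, so extend the baseline rather than removing the right.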
This tip has been extracted from presentation materials prepared by Roberta Bragg for MCP Magazine's TechMentor conferences. All rights reserved by the author.