It's more or less a password bypass. Somewhere else I also read a user has to be admin. Can't find the article ATM. It basically means that a user should log off when leaving the computer - locking it isn't enough.
I see, thank you. At first, it reminded me of the old Win98/XP login password type of bypass. And as you said, locking isn't enough; I always log off. I lock only when I have to leave my machine for less than 30 sec or when I have it in sight.
This explains the attack in more detail: http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html
Sounds like the author of the article discovered the hot water. If you created a system admin account on the machine then you have total control of the system. Always been like this.
Correct. But any changes made would be traced back to that admin account. What the author is stating by this is that the admin can hijack the logged-on user's desktop. At this point, any system activity/changes are traced to that user. That should not be allowed. -EDIT- Also note that this vulnerability is not the same as the common RDP scenario in corp. environments where an admin can access a remote PC when a user is currently logged on. Or the forced logoff of network-connected endpoints, which again is quite common. Bottom line - if a user session is in locked mode, no one should be able to access that session other than the logged-on user.
In a corporate environment, no way I let a user workstation out of my reach. They mess things up enough already. Back in the day, I decided myself what the log-in password of the users should be. They are here to work, so they have nothing to hide from the admin.
Has nothing to do with "hiding from the admin." It's to prevent the admin from committing fraud and blaming it on the user whose account he hacked. This is of utmost importance in any subsequent legal action that might be pursued. All an attorney has to demonstrate is that this activity is possible and any case against an employee would be dismissed.
The admin is all-powerful in a company, even above the CEO. If the admin wants to abuse/ruin the company, he doesn't need to get the passwords of the other users. At worst, he just has to reinstall the OS of the employees' machines, pretending there are some issues on the machine, put in a keylogger, exclude the logger from the security solution (if any), and when the job is done, erase his traces. Nobody will know and he can even blame the employee because "employees have no clue about security and are known to open every mail and attached file they see."