Local Windows Admins Can Hijack Sessions Without Credentials

Take a moment to read this article, watch the demonstrations, and then contemplate the implications.  For a long time, protecting local administrative access meant protecting the confidentiality of the data stored on the server or PC tethered to those local admin credentials.  This exploit / vulnerability / Windows feature (select your viewpoint here) changes the game and injects another leg of the security triad stool – integrity.  Data stored or associated with a specific user session can be accessed as that user without compromising that user’s credentials and without leaving any significant forensic fingerprints.

This article alludes to the fact that Microsoft is well aware of this “feature” and most likely has no intentions of changing it.  As such, we as IT security professionals and general IT practitioners must take necessary steps to mitigate the possibility of exploitation.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s