Cracking to Windows with System Recovery – and no warning from Redmond
There was an interesting press meeting here in Finland today. Mr. Kimmo Rousku presented the Command Prompt feature of Vista’s System Recovery – i.e. how to crack to Vista/XP/2003 computer using only Vista installation media and System Recovery option.
This is a short version of summary described at Web page of Mr. Rousku:
This problematic security feature exists because Windows Vista Repair Computer / System Recovery program enables the use of command prompt without any user authentication with highest possible – system-level – priviledges.
Cracking Windows operating systems has been possible by using cracking software found from various web pages. This is the first time when cracking Windows operating systems is really easy and needs no deeper technical knowledge.
The report shows in a very detailed way how it’s possible to use Takeown and Icacls command to take ownership of ACL-protected files or folders too.
Mr. Kimmo Bergius, the Chief Security Advisor of Microsoft Finland confirmed today in the press meeting mentioned that there is not an update coming. Additionally, Mr. Bergius states that there is a documentation advising the use of HD encryption and BIOS password, BUT this documentation doesn’t mention this security problem in any way.
Yes, this is not the first time when this problem was disclosed. But where is the missing KB document, instructions related to bootup order and the benefit of encryption when switching to Vista.
The most important part comes here.
* How to protect:
1. Change BIOS boot order to disable booting from other media than hard disk
2. Then, set BIOS password to prevent bad guys to change this setting
3. Encrypt files with EFS
4. When using laptops, you have no reasons not to use HD encryption!
Mr. Rousku is well-known non-fiction writer. He works as CIO of Finnish National Research and Development Centre for Welfare and Health (aka Stakes).
Update: Pictures from the press meeting: