Windows StickyKeys could pose security risk
A Windows component designed to help disabled users could serve as a backdoor for unauthorised system access, according to a security expert.
McAfee researcher Vinoo Thomas said in an article posted to the company's security research blog that the StickyKeys function in Windows Vista and XP can be exploited to allow a user to bypass the login system.
StickyKeys allows users to enter key combinations without having to hold and press keys simultaneously. It is launched by pressing the 'shift' key five times in succession.
Thomas pointed out that the component responsible for launching StickyKeys is vulnerable to tampering.
A user could replace the StickyKeys executable (.exe) with a copy of the command prompt (cmd.exe) and launch the prompt by pressing the 'shift' key five times.