Hot keys permissions bypass under Windows XP

Source: Xatrix

L33tdawg: This 'exploit' or information was found by our very own presto. Not bad for a content admin eh? *grin*

"Hot keys" allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.

When XP is initially booted, all hot keys are disabled until actual authentication of the administrator or first account. Once logged in, hot keys are then enabled for use, usually by the initialization of a program in the backround which assigns these hot keys.

In some cases, such as a time of idle, XP will put itself back to the login screen for security purposes. This will require users to re-authenticate to get back to their current session, whether password protected or not.

At this point, without logging in, and as long as the user session is still alive, any local user has the ability to start any program assigned to the hot key, no matter what permissions.

This leads to a host of situations where the range of results could be just merely an annoyance (dozens of browsers open) or actual exploitation. Local users could execute an known vulnerable application (such as some sort of
daemon) and exploit it remotely as it is running under administrative priveledges. That is, of course, if a daemon is actually assigned to the a
hot key.

There are limitations in this situation though. Hot keys are disabled once logged in as an account besides that of the first/administrative.

Solution:
- Disable Hot Keys