A feature that helps disabled people use Windows could open up a back door for hackers to compromise systems, according to a security expert.
Vinoo Thomas, who works as a researcher at anti-virus company McAfee said that the StickyKeys function in Windows XP and Vista that allows users to type key combinations without having to hold keys down simultaneously could let hackers bypass the Windows logon system.
"Windows Vista does not check the integrity of the file that launches StickyKeys 'c:/windows/system32/sethc.exe' before executing it," said Thomas. "Which means you could replace it with another executable and run it by depressing the shift key five times."
He said that a popular replacement is "cmd.exe." After replacement, an attacker could invoke this command prompt at the login prompt without the need to authenticate.
"Once launched, it is possible to execute explorer.exe without authenticating and get a full desktop running under the credentials of the NT Authority\system account. And from this point on an attacker has full access to the system," he said.
He said that Windows 2000 was just as vulnerable to this form of attack as Vista and XP. Thomas added that the latest Windows updates insured that "sethc.exe" is protected by Windows file protection. In Vista replacing system files is a more difficult because of Trusted Installer.
Thomas said that even though a hacker would first need admin rights to install this backdoor, an insider could easily do this.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"This threat from within poses the greatest computer security threat to organisations today," he said.
"Another alarming feature of this backdoor is that an attacker can use this method to bypass login on terminal servers and workstations with the remote desktop enabled. Since no third-party tools are being installed on the system and we are using Microsoft's own files to achieve this, it will be difficult to detect for a typical administrator," warned Thomas.
He said a potential workaround would be to uninstall the Accessibility Tools feature in the OS.
Microsoft was not available for comment at the time of writing.
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.