@dubbreak said:
@nerdydeeds said: No, it is a huge issue. You can transparently encrypt all of your private files in Vista, thus preventing access for reboots/password resets/etc. This allows a complete bypass of locking procedures and thus full access to a user account. How many admins leave their servers locked on the administrator account? With physical access, you could own an entire domain. This type of flaw is second only to a remote root exploit. Having said that, I believe there is a way to disable shutdown from the lock screen, so that should provide a reasonable workaround.
Regardless of this hole, with physical access to a server you can own the entire domain. This doesn't make it any easier.
With a server no one should have access to the power button w/o a physical key and unlocking a rack (remember that is how this bug was instigated, shutting down with the power button).
If you have admins running Vista and leaving their servers locked on the admin account you have bigger issues than this "hole".
This isn't second only to a remote root exploit; it isn't second to an elevated privileges attack either. You require physical access to the machine (and the power button) to exploit this. If you have that access there are plenty of other ways to cause mischief as well. Yeah, it should be fixed quickly and is an issue, but it is an avoidable issue (try logging out; it only takes me seconds to log in and out of my workstation). If data on your laptop is that important then carry it with you, that's what they were designed for! Give me 2 minutes alone with a laptop with XP and I'll grab data off it as well, and at worst you will notice it rebooted (although you will most likely forget that you locked the screen rather than logging out, as your mind is probably on when and where you can procure another hot coffee).
Physical access != domain ownage, though it makes it more likely. Authenticated admin session = domain ownage. That's the possibility, and that's why this is such a serious problem.
Locks are meaningless in terms of physical access - pick and bump your way to success in seconds. Physical access to a server does require time to reboot and find useful data. A monitoring service could notify admins if a server was rebooted for nefarious reasons; no monitoring system can catch a problem like this.