Windows system >> Windows XP System Tutorial >> XP system basics

Windows XP Professional System Restore files from unauthorized access local user

  
relates to a program: Windows XP Professional Description: Windows XP Professional system restore files can be a local user of illegal access details: Windows XP Professional (Gold) System Recovery (System Restore) files due Lack of proper protection of NTFS ACLs, which can be exploited by local attackers to gain unauthorized access to system sensitive information. Windows XP Professional (Gold) System Restore files are stored in the "System Volume Information" directory. Because this directory is protected by ACLs, normal users usually cannot access system recovery files. However, the system recovery directory itself and its subdirectories are not protected by the NTFS ACL, so that any local user can illegally access the system recovery file as long as it can specify the path of the subdirectory, so that the sensitive information of the system is leaked. Typically, if the user following the instruction execution can be found in a system recovery path to the directory: c: \\ & gt; reg query "HKLM \\ System \\ CurrentControlSet \\ Control \\ BackupRestore \\ FilesNotToBackup" /v "System Restore" and then use the CD command to enter the directory: c: \\ & gt; cd \\ System Volume Information \\ _restore {8716531F-212F-45F1-8BAA- FB69F0C7FAEF} at this point in the recovery directory, you will find register containing hive called "snapshot" directory: _REGISTRY_MacHINE_SAM _REGISTRY_MacHINE_SECURITY _REGISTRY_MacHINE_SOFTWARE _REGISTRY_MacHINE_SYSTEM _REGISTRY_USER_ .DEFAULT _REGISTRY_USER_NTUSER_S-1-5-18 ..... These hive files are illegally accessible by every local user. A malicious local user will likely modify SOFTWARE hive and the changes will work once the administrator has run the system recovery file. Windows XP with SP1 installed is not affected by this defect. Attack: In general, if the user following the instruction execution can be found in a system recovery path to the directory: c: \\ & gt; reg query "HKLM \\ System \\ CurrentControlSet \\ Control \\ BackupRestore \\ FilesNotToBackup" /v "System Restore" and then use the CD command into the the directory: c: \\ & gt; cd \\ System Volume Information \\ _restore {8716531F-212F-45F1-8BAA- FB69F0C7FAEF} at this point in the recovery directory, you will find register containing hive called "snapshot" directory: _REGISTRY_MacHINE_SAM _REGISTRY_MacHINE_SECURITY _REGISTRY_MacHINE_SOFTWARE _REGISTRY_MacHINE_SYSTEM _REGISTRY_USER_.DEFAULT _REGISTRY_USER_NTUSER_S-1-5-18 ..... These hive files are illegally accessible by every local user. A malicious local user will likely modify SOFTWARE hive and the changes will work once the administrator has run the system recovery file. Solution: It is recommended impacted by this defect Windows XP Professional users to download and install SP1 http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.ASP additional information now: None
XP system basics
Windows system
Solve the blue screen trap of Windows 2000/XP

Although the stability of Windows 2000/XP system based on NT architecture has been greatly enhanced,
XP SP2 (RC2) uses the full Raiders

        The long-awaited XP second service upgrade package is about to be released soon. Unlike the

Windows7 and XP dual systems are installed to a partition

                  Online said that the installation of these two systems to a partition is not appli
Anatomy of the eight ultimate weapons in Windows XP SP2

        On August 6, 2004, Microsoft finally released XP SP2 to the computer manufacturer. This mark
Prepare for Windows XP software data migration

        Hard drives are getting bigger and bigger, and prices are getting cheaper. After getting a l
Accurately calculate the virtual memory required by WinXP

        From virtual memory, I believe everyone can say a few words about its role. But how much vir
  • XP system application skills
  • XP system basics
  • Xp FAQ
  • About XP system tutorial

    • Win10 system page bottom right corner small ad closing method

    Win7 Aero effects do not show how to do

    The main function of Windows 8 Upgrade Assistant

    How does the official version of Win10 set the traditional photo viewer as the default application?

    Breaking through five Win8 will hurt the computer hard drive rumors

    How to modify the file attribute

    Win7 system 160WiFi failed to open, can not start the solution

    Detailed Description of Win 2003 Optimize Tool

    What should I do if the computer cannot play the word under the XP system?

    Win10 First Anniversary Update 14393.10 Edition Cortana Disappearing Temporary Solution

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved