While I am sure MS is now trembling at the disclosure of such a high impact bug, I am wondering why you chose <a href="http://core-security.net">core-security.net</a> as your domain when core security (.com) is already known as a leading security company with a good name? <br>
<br><div class="gmail_quote">On Fri, Mar 14, 2008 at 2:49 PM, SkyOut <<a href="mailto:skyout@gmx.net">skyout@gmx.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="">Dear list,<br><br>after weeks of total ignorance by Microsoft I decided to finally release all information<br>related to a bug, that has to do with the Windows XP SP2 Taskmanager. Manipulating<br>a Registry key makes it possible to disable the Taskmgr. On the next startup it will crash with<br>
an error message. It is possible to backup the key and repair the Registry doing so, but<br>the attack scenario is clear: A virus uses this code, the user can't open the Taskmgr anymore<br>and your process is somehow "hidden".<br>
<br>The full information about this bug, can be found here:<br><a href="http://core-security.net/archive/2008/march/index.php#14032008" target="_blank">http://core-security.net/archive/2008/march/index.php#14032008</a><br>
<br>And the exploit is available here:<br><a href="http://core-security.net/releases/exploits/taskmgr_dos.c.txt" target="_blank">http://core-security.net/releases/exploits/taskmgr_dos.c.txt</a><br><br>Greets,<br>SkyOut<br>
<br>---<br><a href="http://core-security.net" target="_blank">core-security.net</a><br>---</div><br>_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></blockquote></div><br>