Monday, June 29, 2009

(Another) Windows Security Problem

I found a security problem with Windows Vista last week that I have never heard of before.

Microsoft claims that Windows Vista is "Capable" with 512 MB of RAM and "Premium Ready" with only 1 GB. However, when using a computer with only 1 GB, I was able to gain access to someone's account without entering their password.

The root cause (I believe) was that the system had run out of memory, both physical and virtual. The screen saver had started on this person's account and normally requires a password to continue using the account. But in this case, I was given an error message instead of a password prompt. The error message said that the system was too low on memory to start any more processes (apparently, even for the process that prompts for the password when returning from the screen saver). At this point, I had full access to this person's account.

In this specific situation, another user was also logged into the system (and therefore taking up RAM). So if I was going to try and reproduce this, I would log into all user accounts to which I had access, open programs that require large amounts of RAM (like Firefox...sadly), and then leave the system on the log on screen for the target user to login. When they step away from the computer and the screen saver begins (which in my case, was set to the lowest value of one minute), I would try and bring it back from screen saver and pray that there is not enough RAM to prompt for a password.

Does that sound too outrageous to actually occur when desired? Probably...but Windows should never get so low on RAM that it is incapable of displaying a password prompt.


  1. This is interesting... were you able to replica it?

    -- ramon

  2. I never tried and I think it would be difficult to do so. Specifically, I think Firefox's memory leaks helped make this possible. As a side note, I heard those are getting fixed soon! :)

    I think the available RAM was consumed after the computer had already started the screen saver. Then Firefox probably kept asking for more memory but was eventually rejected...silently. When I moved the mouse, I saw the memory request for the password prompt get rejected. Oops.