May 01, 2008

Securing the Windows Search Path

Lock it down with a script so an attacker can't escalate privileges
A Web Exclusive from Windows IT Pro
Alex K. Angelopoulos
Features
InstantDoc #98761
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join |
See More Security Articles Here | Reprints | Or sign up for our VIP Monthly Pass!
Executive Summary:
When using the search path to resolve a command name, Windows attempts to match the command name to file-based commands in the folders in the path. If you don't specify a file extension for the command, Windows Explorer automatically searches for files with the extensions .com, .exe, .bat, or .cmd. This search process is useful but has some quirks. Applications—particularly older ones—might add their own directories to the search path, possibly ahead of Windows' intended first search folders. Malicious coders might also use pathext to make Windows identify common command names such as regedit with their application files. Tools such as Windows Vista's User Access Control (UAC) don't solve the search problem. If you're performing an administrative task and have already elevated your privileges in a subshell, invasive code will run with no special prompting. However, on systems that don't need significant command-search customization, you can do some tweaking to make it very difficult for an attacker to use command search to escalate privileges. The tweaking simply involves locking down the search path wherever possible, modifying and locking down the pathext variable, and maintaining security for the folders used in the search process.

The Windows search path represents a significant potential vulnerability on many systems. I'll explain why, then show you how you can minimize the vulnerability by identifying machines that don't need modified command search and locking them down. . . .

Learning Path To Learn More About Scripts
"How to Get Started Writing Scripts"


To Learn More About VBScript
"Understanding VBScript"


To Learn More About Creating Security Templates
"Security Templates Define and Enforce the Rules"
Top Viewed ArticlesView all articles
CES 2009: Ballmer Announces Windows 7, Windows Live, Live Search Milestones

During his first-ever Consumer Electronics Show (CES) 2009 keynote address last night in Las Vegas, Microsoft CEO Steve Ballmer announced the pending public availability of a feature-complete Windows 7, the final version of Windows Live Essentials, and ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

Where is Microsoft NetMeeting in Windows XP?

...
Related Articles Preventing Office from Opening Certain File Types

A Tool Harness

6 Steps to Secure Shared Computers

Combining LogParser and Sed
Security Whitepapers The Impact of Messaging and Web Threats

Why SaaS is the Right Solution for Log Management

Protecting (You and) Your Data with Exchange Server 2007
Related Events Security Summit

Virtualization Forum: Optimizing Storage, Networks, Desktops, and Security

Cloud Computing Forum: Integrating Software, Server and Storage as a Service into Your Enterprise IT Delivery Model

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Download Data Protection Manager 2007
Disaster recovery at a low cost

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.


Microsoft Learning Snack - Virtualization Basics
With virtualization, computing components essentially become on-demand services, freeing each element of a system from the others. This short video explains the needs, benefits, and technologies behind virtualization.

Microsoft Learning Snack - Virtualization With Windows Server 2008
Windows Server 2008 includes virtualization technology that allows many operating systems - including open source - to run on a single host. Come learn the basics of implementing these features.

Empower Your Processes with PowerShell 201
Paul Robichaux delves deep into PowerShell how-tos in 3 informative lessons, each followed by live Q&A—all on your own computer! Register today!

Microsoft Learning Snack - Green IT Through Virtualization
Many organizations face rising operating costs caused by excessive energy consumption. Virtualization and "Green IT" can help cut these costs. Get the information you need to bring Green IT savings to your business.

New Release: Windows IT Pro Master CD
13 years of content archives, fast answers with advanced search tools, and full access to WindowsITPro.com—order today!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing