Windows security vulnerability
Yesterday I was working late, so when I tumbled into my bed I forgot to close my laptop. The next morning I was in a hurry to get out of the door, so I just used the power off button. Surprisingly enough my laptop did not turn off, it went into windows – without any password or other form of authentication!
So off course I checked my settings and the password protected screensaver was on.
Being a security nerd I had to try again later that day… surprise surprise, same result. I can open the laptop without putting in password. After some testing I found the follwoing prerequisites for enablement of the security vulnerability.
- Windows 7 operating system
- A number of resource consuming programs needs to be running. I have tested while having Excel, Word, PDF, Power Point, Chrome, Outlook and Windows Explorer running simultaneously
- The automatic screen saver must start on its own, as soon as a single key has been clicked the security hole is closed
If all of this is in place you simple do the following to open the laptop without a password.
- Make sure only to click the off key – if you click any other key the laptop will be locked
- With the screensaver on, hold the power off button to close the laptop
- Once the task manager in windows opens, quickly click Cancel in the close program popup box
- You are now in windows without password!
To protect yourself against this, make sure to always manually secure your laptop before leaving it unattended.
Recent Comments