Monday, November 15, 2010

Session 0 isolation – Feature of Windows OS from windows vista onwards


Tip  -Solution for solving session 0 isolation issues.

Details - In Windows XP, Windows Server 2003, and earlier versions of Windows, all services run in Session 0 along with applications. This situation poses a security risk. In Windows Vista, Windows Server 2008, and later versions of Windows, the operating system isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code.


Application classes affected by this feature include:
·         Services that create UI.
·         A service that tries to use window-message functions such as SendMessage and PostMessage to communicate with an application.
·         Applications creating globally named objects.
Remedies:
·         Use client or server mechanisms such as remote procedure call (RPC) or named pipes to communicate between services and applications.
·         Use the WTSSendMessage function to create a simple message box on the user’s desktop. This allows the service to give the user a notification and request a simple response.
·         For more complex UI, use the CreateProcessAsUser function to create a process in the user's session.
·         Explicitly choose either the Local\ or Global\ namespace for any named objects, such as events or mapped memory that the service makes available.





Posted By : Merlin S. Thadathil

No comments:

Post a Comment