Tip -Solution for solving session 0 isolation issues.
Details - In Windows XP, Windows Server 2003, and earlier versions of Windows, all services run in Session 0 along with applications. This situation poses a security risk. In Windows Vista, Windows Server 2008, and later versions of Windows, the operating system isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code.Application classes affected by this feature include:
· Services that create UI.
· A service that tries to use window-message functions such as SendMessage and PostMessage to communicate with an application.
· Applications creating globally named objects.
Remedies:· Use client or server mechanisms such as remote procedure call (RPC) or named pipes to communicate between services and applications.
· Use the WTSSendMessage function to create a simple message box on the user’s desktop. This allows the service to give the user a notification and request a simple response.
· For more complex UI, use the CreateProcessAsUser function to create a process in the user's session.
· Explicitly choose either the Local\ or Global\ namespace for any named objects, such as events or mapped memory that the service makes available.
Posted By : Merlin S. Thadathil
No comments:
Post a Comment