Suggest A Fix PC Support Forums > MS Alert: XP Task Manager Will Not Kill Certain Pr

Full Version: MS Alert: XP Task Manager Will Not Kill Certain Pr

Suggest A Fix PC Support Forums > Security > Security News and Warnings

73-997563179

Jan 7 2002, 11:37 AM

Win2000/XP

A vulnerability was reported in Windows XP Task Manager. The Task Manager will not delete certain process names.

It is reported that the Windows XP Task Manager has some security mechanisms that disallow the termination of certain critical system executables:

lsass.exe
services.exe
winlogon.exe
smss.exe

A user can rename any executable (such as trojan code) to one of those names to keep an administrator from killing the executable via Task Manager. This apparently occurs even though the renamed service executable is running under the username of the person currently logged on, and not SYSTEM.

No solution was available from Microsoft at this time.

Reported by: Cyrus

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.