Microsoft Windows Unauthorised Thread Termination

Posted by bink on October 3 2003, 9:21 PM. Posted in Security.

NT4, Windows 2000 and Windows XP has an security issue:

Description:A vulnerability has been reported in Windows, which can be exploited by malicious, local users to terminate certain privileged programs.

The problem is that the "PostThreadMessage" API allows any program to send a "WM_QUIT", "WM_CLOSE", or "WM_DESTROY" message to another program's thread on the same desktop. This can be exploited by unprivileged users to close a personal firewall or other privileged application running on a system without having permissions to do so.

Successful exploitation requires that the program's thread has a message queue, since the "PostThreadMessage" API will fail otherwise.  Solution: Grant only trusted users access to systems.  Reported by / credits: Brett Moore, via the inquirer