Unpatched Exploit in Windows Allows Applications to Run On Top of Login Screen [wip]
An unpatched exploit that affects Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview allows a user to launch a command prompt window with administrative rights by manipulating the sticky keys function. This hack is straightforward to implement as it can be executed in a matter of minutes.
According to Neowin, this security hole has been documented for some time and a patch has not yet been released. Granted, the user of this exploit needs to have administrative rights to the machine that he wishes to compromise; however, a dangerous scenario could involve disgruntled ex-employees activating this exploit on multiple systems running the affected platforms, and then returning after they have been terminated to compromise these machines for their devious deeds.
This hack can also be exploited via Remote Desktop Services, so in order to prevent it, Remote Desktop Services have to be turned off on the affected systems. Ex-employees should be prevented from entering premises to gain access to these machines as well. This exploit is hard to detect, aside from a registry key entry.