Critical Privileges in Windows 7
Care must be taken when granting elevated privileges to users’ accounts and programs in Windows systems, as such permissions can be leveraged by malicious users or programs!
For instance, assigning a user with data backup privileges or the ability to change the system time will bypass many access checks. With these privileges a user is capable of reading all files and traverse through all directories. A program may change the system time in order to cause Kerberos authentication to fail. In Windows 7 like previous and later systems some privileges are considered as very critical to the security of systems and it is recommended to take the necessary measures to disallow unnecessary accounts or programs to gain such privileges.
Categories: Security Tags: access control, ACL, debug, permission, privilege, system privilege
