We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

McAfee reveals Vista accessibility hole

StickyKeys could be misused in Windows Vista

A Windows feature designed to simplify computing for disabled users could be misused in Vista, according to McAfee researcher.

Attackers could use this feature, called StickyKeys, to trick a user into launching unauthorised software on the Vista machine, according to a blog by McAfee’s Vinoo Thomas.

StickyKeys is launched when a Windows user hits a modifier key like Shift or Alt five times. This makes the modifier key ‘sticky’ so commands like Shift-F1 can be launched without having to hit two keys simultaneously.

An attacker could replace the sethc.exe file used to launch StickyKeys with some other executable, like the Windows command utility, Thomas wrote.

This backdoor vulnerability was already known to exist in Windows 2000 and Windows XP, according to Thomas.

Although it’s interesting that Vista is also vulnerable, it's not clear how useful the backdoor would be to an attacker because one must first gain access to the machine in order to replace the StickyKeys file.

Thomas believes that it could be used by an inside attacker to bypass log-in on terminal servers and workstations.

Microsoft executives were not immediately available to comment on the issue.

To avoid the problem, "one can uninstall the Accessibility Tools feature, which is installed by default, to avoid this fairly simple, yet potentially serious built-in backdoor," he wrote.

"And don't forget to hit the shift key five times and see what pops up on your desktop."


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia