JAWS security flaw, round 2

In my First Post, I described a security vulnerability that allowed local users to gain system-level access to a machine. A quick test with JAWS 11.0.729, the release build of JAWS 11, reveals that it is fixed. Here is a slightly different set of instructions that will do the same thing.

1. From the login screen, press insert+j, and navigate to utilities/configuration manager.
2. When configuration manager opens, press control+o.

3. press the Import button. The open dialog will appear.

4. On my Windows 7 test machine, I got an error box that can safely be dismissed. Once done, type %windir%\system32\*.exe into the open dialog.

5. find cmd in the list, and press the applications key on it. Select Run as administrator if it appears. If not, keep following these steps.

6. From cmd’s context menu, pick select. answer no to the question asking you to overwrite settings files, if it comes up.

7. press import, and pick cmd from the list again. Activate the context menu, and select Run as administrator.

If done correctly, you should have an administrative command prompt.

Advertisements

Tags: ,

One Response to “JAWS security flaw, round 2”

  1. Twitter Trackbacks for JAWS security flaw, round 2 « Tyler Spivey’s blog [tspivey.wordpress.com] on Topsy.com Says:

    […] JAWS security flaw, round 2 « Tyler Spivey’s blog tspivey.wordpress.com/2009/10/19/jaws-security-flaw-round-2 – view page – cached In my First Post, I described a security vulnerability that allowed local users to gain system-level access to a machine. A quick test with JAWS 11.0.729, the release build of JAWS 11, reveals that… (Read more)In my First Post, I described a security vulnerability that allowed local users to gain system-level access to a machine. A quick test with JAWS 11.0.729, the release build of JAWS 11, reveals that it is fixed. Here is a slightly different set of instructions that will do the same thing. (Read less) — From the page […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: