Removing "sethc" from the “System32” folder when accessing through the recovery mode.
Forbidding file modifications on the “System32” folder.
I found and keep finding a lot of material on this vulnerability, from blog posts to YouTube tutorials teaching how to use the exploit. The truth is, I've been following this vulnerability for some time, and if you did it too, you would tell that little or no changes were made for long periods. After all, there are some other tools capable of achieving the exact same thing. So, back to the question, I think that to some extent, there’s a chance that Windows doesn’t want to fully fix this problem.
First, the fact that it's not a vulnerability breaks the need for fixes.
But there's also a chance that this was left on purpose as a way to break into the machine when needed. Now you could ask: but the exploit still works without the need for user improper configuration, right?
Certainly! But perhaps it falls short of importance for the fact it requires physical access to use it. And it's more like an OS native characteristic. It can be exploited through the user’s lack of security measures, so it ends up being a user responsibility. In this case, it's not a system vulnerability that is being exploited, but the exploit itself. One definition of vulnerability, given by NIST: “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” Sounds good? It probably does, but it's so old that it makes you wonder:
Does it really still work? Were there any efforts to fix the "vulnerability"? From there you can change the user password, or exploit the machine in any other way you wanted. You could then boot normally into the OS and from the lock screen, once you press the Shift key 5 times, a Cmd window pops up.
From there you would get a Cmd window, and if all goes well, you should have enough privileges to make changes inside the System32 folder.
All you have to do then is to replace the Cmd (cmd.exe) executable with the Sticky Keys (sethc.exe) one (all in the same folder). Well, there are some variations to this, but the most common begins with a Windows Startup Repair, be it from the host OS or an installation device. It happened for the first time on Windows XP and more than 15 years later, it’s threatening to side with other Windows iconic exploits. Windows implemented its version some years later in Windows 95, far from knowing it would be exploited in the future.
Sticky keys was born in the Mac OS System 6 in the '80s. Putting it simply, it allows modifier keys (Ctrl, Shift, etc.) to remain pressed for some time. It was designed to help people with specific disabilities. Sticky Keys is an operating system GUI accessibility.
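
A defender can check for the executable swap described in this post with a read-only comparison of the two files. The script below is an added example, not code from the original post; the `$SystemDir` parameter, the `Get-BinaryFacts` helper and the `OriginalFilename` heuristic are assumptions made for illustration.

```powershell
# Added example (not from the original post). Read-only check of System32.
param(
    # Point this at a mounted offline volume to check a disk that is not booted.
    [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
)

function Get-BinaryFacts {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    [pscustomobject]@{
        Path             = $item.FullName
        Sha256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        OriginalFilename = $item.VersionInfo.OriginalFilename
        LastWriteUtc     = $item.LastWriteTimeUtc
    }
}

$sethcPath = Join-Path $SystemDir 'sethc.exe'
$cmdPath   = Join-Path $SystemDir 'cmd.exe'
$findings  = @()

if (-not (Test-Path -LiteralPath $sethcPath)) {
    # The post lists removing sethc as a mitigation, so absence is reported, not flagged.
    Write-Output "sethc.exe is not present in $SystemDir"
    return
}

$sethc = Get-BinaryFacts $sethcPath
$cmd   = Get-BinaryFacts $cmdPath

# Identical content means one file was copied over the other.
if ($sethc.Sha256 -eq $cmd.Sha256) {
    $findings += 'sethc.exe and cmd.exe have the same SHA-256 hash'
}

# Heuristic (assumption): a genuine sethc.exe carries a version resource whose
# OriginalFilename starts with "sethc" (it may end in ".mui").
if ($sethc.OriginalFilename -notlike 'sethc*') {
    $findings += "sethc.exe reports OriginalFilename '$($sethc.OriginalFilename)'"
}

$sethc, $cmd | Format-Table Path, OriginalFilename, LastWriteUtc, Sha256 -AutoSize
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'No swap detected between sethc.exe and cmd.exe.'
```

Run on a schedule or from an endpoint management tool, the non-zero exit code can feed an alert; the `LastWriteUtc` column helps date any change that is found.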