[Dshield] WMF - SETABORTPROC alarms

TheGesus thegesus at gmail.com
Tue Jan 3 14:04:22 GMT 2006


>From a discussion on the differences between the way NT 3.51 and NT
4.0 handle the GDI...

http://www.microsoft.com/technet/archive/winntas/plan/kernelwp.mspx

"...because Windows NT is a Windows(r)-based operating system... and
because the graphics and windowing subsystems have a very high rate of
interaction with hardware..., the Windows NT 4.0 design team decided
to move that common functionality from user mode into kernel mode..."

I think that means "SYSTEM".  Privilege escalation is automatic when
it comes to the GDI.

IMO, this was the worst thing Microsoft ever did to NT and was at
least partially responsible for NT4's bad reputation.



More information about the list mailing list