Friday, 17 April 2015

Protecting Against Sticky Keys Privilege Elevation Exploit

How to protect your systems against the Sticky Keys Privilege Elevation Hack


In my earlier blog post, I described how sticky keys in Windows 7, Windows 8 and Windows 8.1 can be used and abused to gain administrator access to the computer.  All that is needed is a Windows installation DVD.

This is a serious security flaw that may present significant difficulties for sysadmins and IT security staff.  Essentially, any of these Windows systems that somebody can physically access, i.e. any desktop/laptop in an open office or any server that has not had adequate physical security applied to it, might be at risk.

There are a couple of things that can be done to help protect against this vulnerability.  While neither of these options fully mitigates the sticky keys vulnerability, they go a good way towards making it more difficult to exploit.

BIOS Passwords

Most system BIOS configurations will allow you to prevent booting from an optical or USB drive.  Set this and then password protect the BIOS to ensure that it can't be changed.

Full Hard Disk Encryption

A disk encryption product, such as BitLocker or a third-party non-Microsoft product, should prevent straightforward access to the system drive after booting from an optical or USB drive.
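
To confirm that BitLocker really is protecting the system drive against that kind of offline access, the following added example (not part of the original post) audits the operating system volume. It assumes the BitLocker PowerShell module that ships with Windows 8 / Server 2012 and later and an elevated session; the function name Test-OsVolumeOfflineProtection is hypothetical.

```powershell
# Added example: check whether BitLocker protects the OS volume against
# offline access (booting other media and reading the disk).
# Run from an elevated PowerShell session.
function Test-OsVolumeOfflineProtection {
    $findings = @()
    $osVolumes = @(Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' })

    if ($osVolumes.Count -eq 0) {
        $findings += 'BitLocker reports no operating system volume'
    }

    foreach ($vol in $osVolumes) {
        # Anything other than FullyEncrypted leaves plaintext sectors on disk.
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "$($vol.MountPoint) status is $($vol.VolumeStatus) " +
                         "($($vol.EncryptionPercentage)% encrypted)"
        }

        # An encrypted volume with protection Off is suspended: the key is
        # stored unprotected on the disk, so the data is readable offline.
        if ($vol.ProtectionStatus -ne 'On') {
            $findings += "$($vol.MountPoint) protection is $($vol.ProtectionStatus)"
        }

        # Report the protector types so a reviewer can see how the volume
        # unlocks at boot (for example Tpm, TpmPin, RecoveryPassword).
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        if ($types.Count -eq 0) {
            $findings += "$($vol.MountPoint) has no key protectors"
        } else {
            Write-Verbose "$($vol.MountPoint) key protectors: $($types -join ', ')"
        }
    }

    [pscustomobject]@{
        Protected = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Usage: prints Protected = True only when every check passed.
Test-OsVolumeOfflineProtection -Verbose | Format-List
```

A volume that is fully encrypted but reports protection Off will show up here as a finding, which is the case a simple "is BitLocker installed" check misses.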
