This does sound like a bug in the Task Manager, and maybe there are MINOR security implications in the fact that the Task Manager tells the administrator "This is a critical system process" when it's not...but the fact that the system administrator is trying to kill the process seems to suggest that he already knows otherwise. Had you reported this to Microsoft before posting, I'm sure they could have told you that an administrator can end system processes by right clicking on them and choosing "Debug" and then ending the process. There's a known bug in Win2k where this can result in a BSOD (it may have been fixed; on my Win2k SP2 system, it resulted in a console message saying "This system will shut down in 60 seconds", followed by a controlled restart). Not sure what happens when you have no just-in-time debugger installed. Let's see more vendor notification -- it can save the readers time, and chances are your "advisories" would at least have more helpful details in them. Chad Loder Rapid 7, Inc. chad_loderat_private At 09:59 AM 7/16/2001, you wrote: >You can now call you favorite trojan winlogon.exe and task manager will not >only refuse to terminate it but will also incorrectly state that it is a >critical system process.
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 21:53:18 PDT