Fortres 101 Disk Security Software Bug Lets Local Users Gain Unrestriced Disk Access
SecurityTracker Alert ID: 1005766|
SecurityTracker URL: http://securitytracker.com/id/1005766
(Links to External Site)
Updated: Jun 8 2008|
Original Entry Date: Dec 5 2002
User access via local system|
Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): 4.1 (Build 512)|
A vulnerability was reported in the Fortres 101 hard disk security software. A local user can bypass the security restrictions and gain access to the contents of the hard disk.|
It is reported that a local user can hold down the WINDOWS + F key combination for an extended period of time (~30 seconds) to cause multiple explorer windows to open. This will cause explorer.exe to crash and then a new, unrestricted version of explorer to open. The Fortres security restrictions apparently do not apply to the new explorer window.
A local user can gain access to an unrestricted explorer window, bypassing the Fortres security features.|
No solution was available at the time of this entry. The vendor is reportedly working on a fix.|
As a workaround, the report indicates that you can prevent the operating system from automatically restarting a crashed explorer.exe by changing the value "AutoRestartShell" to "0" in the registry key at HKLM\Software\Microsoft\Windows NT\Current Version\Winlogon. This workaround only applies if the user is not able to launch the task manager manually by pressing CTRL-ALT-DEL.
Vendor URL: www.fortres.com/products/fortres_101.htm (Links to External Site)
Exception handling error, State error|
Windows (Me), Windows (2000), Windows (XP)|
Source Message Contents
Date: Wed, 4 Dec 2002 23:52:11 -0500|
Subject: How to disable Fortres 4.1
It is possible to disable Fortres 4.1 (Build 512) by holding down the
WINDOWS + F key combination for longer periods of time (~30 seconds).
Please see "Details" for more details.
The vendor has confirmed this to be a problem in product listed below.
A workaround exists and future versions of this product will not
experience this problem due to internal changes/improvements of the
Vendor: Fortres Grand Corporation, http://www.fortres.com
Product Name: Fortres 4.1, Build 512
Platform tested: Windows 2000, SP2
Hardware tested: Dell Optiplex GX260's with 1.7G Celeron processors, a
keyboard with the WINDOWS key
If you press the WINDOWS key + F combination then usually the FIND
window comes up. However on most Fortres installations "explorer" and
the FIND dialog box are disabled, as a result the FIND window
immediately closes - you hardly get to see it. However, if you keep
the WIN+F key combination pressed for a minute or so, dozens of these
windows show up and get closed again immediately. At some point,
depending on the machine between 20 seconds and one minute
(approximately), explorer.exe crashes. Subsequently the Operating
System relaunches a new (unprotected) version of explorer.exe. At this
point Fortress does not seem to be active anymore and the user can do
things one is not supposed to.
It is possible to prevent the operating system from automatically
restarting a crashed explorer.exe. Change the value "AutoRestartShell"
to "0" in the registry key at HKLM\Software\Microsoft\Windows
NT\Current Version\Winlogon. This works if the user is not able to
launch the task manager manually by pressing CTRL-ALT-DEL which in
turn would allow the user to launch a new explorer.exe manually.
Another option would be to remove the WINDOWS keys from the keyboard.
We have tried this out on different machines, the results were the
same on all of them. The only difference was the time it took
explorer.exe to crash.
Thanks to Joan for verifying this problem, thanks to Chris from
Fortres for working together on this issue.
Software & Network Solutions
343 W. Milltown PMB 165
Wooster, OH 44691
Delivery co-sponsored by TruSecure Corporation
Demonstrate your knowledge and understanding of core IT Security, become
Are you responsible for IT security in job function, but not necessarily
in title? Do you want to prove your IT security knowledge and increase
opportunities? Interested? Visit;
for more information.