An interesting glitch has turned up in Microsoft's Windows XP OS. According to a report published in a newsletter ("Brian's Buzz on Windows") from Briansbuzz.com, an intruder can access an XP system without restriction by simply using a Windows 2000 CD-ROM to launch a Recovery Console.
According to newsletter publisher Brian Livingston, one of his readers, Tony DeMartino, alerted him to the problem. Livingston says that once a user launches a Recovery Console on an XP system by using a Win2K CD-ROM, the user has complete administrative access to the system, without the need for a password. The user can then copy any files on the system to removable media, which usually isn't allowed without a password. The user can also perform other actions on the system with full administrative privileges.
Livingston said he notified Microsoft about the problem several weeks ago but hasn't received a response to date. Livingston acknowledges Microsoft's long-known stance that "if a bad guy has unrestricted physical access to your computer, it's not your computer anymore," but points out that complete system access shouldn't be as simple as obtaining a Win2K CD-ROM to use as the keys to the front door.
Windows & .NET Magazine reporter Ken Pfeil tested this scenario and found that the process does in fact work as stated. As Livingston pointed out in his newsletter, until Microsoft fully addresses this matter, users should keep an even closer eye on their computers. Little can be done to prevent this sort of intrusion, except to physically secure your computers.