Win2k Boot Disc Bypass Windows XP Passwords

While Microsoft has gone to great lengths to ensure that Windows XP is the most secure version of the Windows operating system to date, and they have gone to even greater lengths to market it as such, security flaws are still discovered. One of the latest problems is either a huge flaw or no flaw at all depending on your perspective.
Brian Livingston recently wrote that one of his readers alerted him to the fact that by using a Windows 2000 CD to boot up a Windows XP system it is possible to gain access to all files and folders without any password requirements.

The flaw works by booting a Windows XP system using a Windows 2000 CD and going into the Windows 2000 Recovery Console mode.

When done on a Windows 2000 system, a password is required to access the hard drive and manipulate the files. In this mode copying files to removable media is restricted as well.
Under Windows XP, this technique grants the user unrestricted access to the computer. The user can access any of the files and folders on the local system and copy them to the floppy drive or other removable media. It does not matter what user account “owns” the files and folders or if they are password protected.

The other side of the coin, though, is that anyone who has physical access to a PC for a long enough period of time could eventually figure out how to crack the password or break the file encryption and view files they are not intended to see.

A user with malicious intent can find any number of tools to break into a system which they can physically touch. They can install keystroke logging software to steal passwords or backdoor programs to grant themselves unrestricted remote access. If they wanted to, they could simply remove the hard drive and work on it in their leisure time at home.

Some simple measures can prevent many of these problems. By enabling BIOS-level password protection you add a layer of security that even a bootable CD can’t bypass. You can also use EFS (Encrypting File System) to protect your files from prying eyes.

Microsoft has not yet officially recognized this as a flaw or released any patch or workaround. This loophole, or flaw if you are so inclined, offers even a technical novice an express route into the system and to all that lies within. All that the security-minded PC user or system administrator can do for now is be aware of the issue and try to protect the computer from unauthorized access: keep it in a locked room, enable BIOS password protection, or protect sensitive data with EFS.


Copyright (c) 2000-3000 by Ing. Eduardo Palena