Bypassing Windows Lock Screen via Flash Screensaver

We have recently discovered an easy method to bypass the Windows lock screen when a Flash screensaver is running.

The method allows an attacker who has physical access to a locked machine to gain unauthorized access to the user's Windows session.

Background info

When a user leaves his computer (e.g. during a lunch break), he should lock his session to prevent other people from performing actions on his behalf.

Some computers, mostly in corporate environments, are configured to play a Flash animation as a screensaver while the computer is locked. This is configured by specifying the path to a .scr file, which is actually a renamed executable obtained by compiling a SWF file. The following registry key specifies the path to this executable: