Session 0 isolation: Where backward compatibility loses to security

Raymond Chen

One of the major changes to services in Windows Vista is session 0 isolation. After reading the summary, you can follow that first supplementary link, Impact of Session 0 Isolation on Services and Drivers in Windows Vista, to dig deeper and receive guidance on how you need to modify your service. Then again, some of the questions I see regarding session 0 reveal that they were relying on behavior that wasn’t true even in Windows XP. Many people† assume that session 0 is the one connected to the physical keyboard, but there is no such guarantee. If you turn on Fast User Switching and have multiple users logged on, the second and subsequent users will be on sessions other than session 0, even though they are at the physical keyboard when they log in. Conversely, if you use Remote Desktop Connection to connect to a Windows XP machine, you can connect to session 0 remotely. So whatever they were doing, it was already broken. Nitpicker’s corner

†The phrase “many people” means “many people”. Microsoft employees fall under the category of people. (I can’t believe people are nitpicking the nitpicker’s corner.)


Discussion is closed.

Feedback usabilla icon