Kernel WMI Object Security
Updated: June 13, 2006
File name: wmi_security.doc
About This Download

Windows Management Instrumentation (WMI) in the Windows family of operating systems enables system firmware and kernel-mode device drivers to expose WMI objects, called kernel WMI objects, for configuration and instrumentation. To expose kernel WMI objects, system firmware includes ACPI objects that are exposed to WMI through the ACPI WMI mapping driver. A kernel-mode driver defines WMI classes as described in the Windows Driver Kit (WDK).

Kernel WMI objects, especially objects that are exposed by system firmware, are more likely than other WMI objects to expose critical system functionality, such as the ability to change the behavior of a device driver or to change configuration information stored in the system firmware.

To help enhance the security of kernel WMI objects, the default security descriptor on Windows Server 2003 and later versions of Windows allows only users who belong to the Local Administrators group to access kernel WMI objects. This security descriptor is more restrictive than the default security descriptor on Windows XP and earlier versions of Windows, which allows any user to read, write, and execute methods on kernel WMI objects.

This paper describes the default security permissions for kernel WMI objects on Windows Server 2003 and Windows Vista and how system manufacturers, device driver vendors, and BIOS developers can change the security permissions during device installation.

This information applies to the following operating systems:

Included in this paper:
