If you are a network administrator in charge of maintaining a network of machines protected by Deep Freeze, please be advised of this situation and be prepared.įaronics does not seem to be taking this seriously. At this time Faronics does not have a fix, nor an immune version. And most of them are vulnerable to this attack (not sure about the Macs though). Thus, the newest version of Deep Freeze, intended to thwart Deep Unfreezer, continues to be vulnerable.ĭeep Freeze protects over four million computers world-wide and over one million Macs (yes, there's a Deep Freeze for Mac). Emiliano's response to the new version? "rename frzstate2k.exe to anything else. You must logoff and logon again for the new privilege to take effect.Ī perpetrator can easily fit the required files on a thumb drive or even email them to himself:įaronics came out with v5.60.120.1347 on 10-20-2005 as a response to Deep Unfreezer.
Syntax: ntrights -u Users +r SeSystemtimePrivilege
Use ntrights.exe from the Windows Server 2003 Resource Kit to grant yourself the SeSystemtimePrivilege.
It's a free download:ĭeep Freeze Evaluation -Trial Version - v5.60.120.1347
Yes, the same file is used to install and uninstall. It is uninstalled with the installation file, and ONLY with the installation file. Deep Freeze is not uninstalled through Add/Remove Programs.
If you're using an evaluation version of Deep Freeze, here's how to perform this test:ġ) Switch to the System account, as described aboveĢ) Double-click the time in the system trayĥ) Use DeepFreezeSTDEval.exe to uninstall Deep Freeze. Deep Freeze Evaluation versions can be taken off machines by an attacker by forwarding the system date past 60-days which will expire Deep Freeze, causing the computer to restart in thawed mode, allowing Deep Freeze to be uninstalled. If the machine reboots in thawed mode, your version of Deep Freeze is vulnerable, and you should take measures to provide additional security on your machines.ĭeep Freeze Evaluation versions are also vulnerable to this attack. Then run Deep Unfreezer, View Status, click on the Boot Thawed button, Save Status, and restart the machine. If you use ntrights, you must be the only user logged on, and you must logoff and logon again before the privilege takes effect. Syntax: ntrights -u Users +r SeDebugPrivilege Use ntrights.exe from the Windows Server 2003 Resource Kit, a free download,, to grant yourself the SeDebugPrivilege. Ģ) Once Task Manager launches, End Task explorer.exeģ) On the Task Manager menu, choose File / New Task (Run.), Type explorer.exe to launch the explorer shell under the System account which has Debug PrivilegesĤ) Run Deep Unfreezer from the System account. To perform the test you must first grant yourself the "Debug Programs" privilege (revoked by Deep Freeze) by escalating to the Local System account using Task Scheduler from the command line (Start/run, cmd):ġ) Type: at 11:23pm /interactive taskmgr.exe (add one or two minutes from the current time). At the end of the article are a couple of tips on how to secure your machines running vulnerable Deep Freeze installations.) Author is not responsible for abuse of this information. It is intended to be used for testing purposes only, and is not to be construed as a "hacking tutorial on how to hack Deep Freeze". (Disclaimer: this tutorial and information is provided as is, and is intended for network administrators currently using Deep Freeze on their networks, to provide them with up-to-date vulnerability information on the inherent security flaws in the Deep Freeze program. It works on almost ALL versions of Deep Freeze, including the latest version, v5.60.120.1347, released Oct-20-2005 to supposedly thwart his program-it does not! You can use Deep Unfreezer to test for the vulnerability on your own machines:
A black-hat computer programmer in Argentina with a grudge against Faronics, Emiliano Scavuzzo, has written a program to thaw Deep Freeze without knowing the password.