Session 0 Isolation Explained
Wednesday, 02 May 2007 by Michel Roth
As some of you may know, Windows Vista and Longhorn Server introduced a new concept in relation to the session IDs used. In Windows 2003 all services ran in a session 0 (zero). This was also referred to as the "console". You can log on to the console by running the RDP client with the /console option. The fact that this allowed users (administrators) to be in the same session with the system services opened up a window of attack. In Windows Vista and Longhorn Server, Microsoft tried to close this Window with something called Session 0 Isolation. The Windows Performance Team goes to explain (pretty in-depth):

"The Microsoft Windows Vista operating system mitigates this security risk by isolating services in Session 0 and making Session 0 non-interactive. In Windows Vista (and Windows Longhorn Server), only system processes and services run in Session 0. The user logs on to Session 1. On Windows Longhorn Server, subsequent users log on to subsequent sessions (Session 2, Session 3 etc). This means that services never run in the same session as users' applications and are therefore protected from attacks that originate in application code. "

Read it here.

Related Items:

Console Behavior Differences in Longhorn Server Terminal Services (28 November 2006)
Introducing MSTSC /admin (19 December 2007)
Additional Improvements In Terminal Server Client Printing In Windows Longhorn (6 May 2007)
Win32 Client Supported Configurations for Pass-Through Authentication (SSON) Of Windows Credentials (2 March 2006)
Sticky Windows Key In RDP 6 Client For Vista Resolved (24 September 2007)
How Terminal Services Works (Technical Reference) (13 June 2005)
Terminal Server Session Broker (29 February 2008)
How Vista Will interact With Longhorn Server (22 February 2007)
Understanding the Terminal Server Session Directory (3 December 2004)
Terminal Services Architecture (14 February 2008)
Comments (0)
Show/Hide comment form