2025-10-22 –, Europe
A long time ago, in 2004 (that's even before the first Hack.lu conference), Microsoft released a patch for utilman.exe.
Since then, utilman.exe has kept popping up in security incidents.
In 2004, a vulnerability (MS04-019, July 2004) in utilman.exe was revealed.
Turns out utilman.exe runs with SYSTEM privileges.
And any user can just start it by pushing the right keys.
This inspired me in 2006 to turn this feature into a backdoor on Windows XP and blog about it.
And since then, I've been involved in security incidents where this exact technique was used.
Let me share some examples ...
Didier Stevens (SANS ISC Senior Handler) is a Senior Analyst working at NVISO. Didier has developed and published more than 100 open-source tools, mostly for malware analysis, several of them popular in the security community. You can find his open-source security tools on his IT security related blog at https://blog.DidierStevens.com