DeepFreezeSTDEval
03-13-2008, 02:08 PM


A black-hat computer programmer in Argentina with a grudge against Faronics, Emiliano Scavuzzo, has written a program to thaw Deep Freeze without knowing the password. It works on almost ALL versions of Deep Freeze, including the latest version, v5.60.120.1347, released Oct-20-2005 to supposedly thwart his program—it does not! You can use Deep Unfreezer to test for the vulnerability on your own machines:

(Disclaimer: this tutorial and information is provided as is, and is intended for network administrators currently using Deep Freeze on their networks, to provide them with up-to-date vulnerability information on the inherent security flaws in the Deep Freeze program. It is intended to be used for testing purposes only, and is not to be construed as a "hacking tutorial on how to hack Deep Freeze". Author is not responsible for abuse of this information. At the end of the article are a couple of tips on how to secure your machines running vulnerable Deep Freeze installations.)

Deep Freeze Unfreezer

Method 1:

To perform the test you must first grant yourself the "Debug Programs" privilege (revoked by Deep Freeze) by escalating to the Local System account using Task Scheduler from the command line (Start/run, cmd):

1) Type: at 11:23pm /interactive taskmgr.exe (add one or two minutes from the current time). [ENTER]
2) Once Task Manager launches, End Task explorer.exe
3) On the Task Manager menu, choose File / New Task (Run...), Type explorer.exe to launch the explorer shell under the System account which has Debug Privileges
4) Run Deep Unfreezer from the System account.

Or,

Method 2:

Then run Deep Unfreezer, View Status, click on the Boot Thawed button, Save Status, and restart the machine. If the machine reboots in thawed mode, your version of Deep Freeze is vulnerable, and you should take measures to provide additional security on your machines.

Deep Freeze Evaluation versions are also vulnerable to this attack. Deep Freeze Evaluation versions can be taken off machines by an attacker by forwarding the system date past 60 days, which will expire Deep Freeze, causing the computer to restart in thawed mode, allowing Deep Freeze to be uninstalled. If you're using an evaluation version of Deep Freeze, here's how to perform this test:

Method 1:

1) Switch to the System account, as described above
2) Double-click the time in the system tray
3) Forward the date past full "DeepFreeze"
4) Restart in thawed mode
5) Use DeepFreezeSTDEval.exe to uninstall Deep Freeze. Deep Freeze is not uninstalled through Add/Remove Programs. It is uninstalled with the installation file, and ONLY with the installation file. Yes, the same file is used to install and uninstall. If you don't have it, download it here. It's a free download:

Deep Freeze Evaluation -Trial Version - v5.60.120.1347

The above two options would prevent a perpetrator on your network from running Deep Unfreezer.

Another obvious option is to not allow Administrator status on machines any longer (this is an issue Windows Vista addresses. Every Administrator will have two tokens, one for UAP and one for full-rights). If you give users only regular, limited accounts, they won't be able to grant themselves the "Debug Programs" privilege.

The worry-free days of "freeze it and forget it" with Deep Freeze may be coming to an end. We'll see. Emiliano just released his second version of Deep Unfreezer, which disables the latest version of Deep Freeze, v5.60.120.1347. This latest version of Deep Freeze was intended to thwart Deep Unfreezer. It failed. Deep Unfreezer still worked, even before Emiliano updated it to specifically include Build 1347.

To learn the current version of Deep Freeze, visit this page:



Quote:
Download:
RapidShare: 1-Click Webhosting
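
The post's mitigation advice rests on who can hold the "Debug Programs" privilege (SeDebugPrivilege). The following audit script is an added example, not part of the original post or any Faronics tooling; it exports the local user-rights policy with `secedit` and lists every holder of that right. The function name, temp file name and sample policy line are assumptions made for illustration.

```powershell
# Added example: audit holders of "Debug Programs" (SeDebugPrivilege).
# Run from an elevated prompt; secedit needs admin rights to export policy.

function Get-UserRightHolders {          # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string[]] $InfLines,
        [string] $Right = 'SeDebugPrivilege'
    )
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*='
    $line = $InfLines | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) { return }           # right is assigned to nobody

    $entries = (($line -split '=', 2)[1] -split ',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($entry in $entries) {
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs as *S-1-...; resolve to a name where possible
            $sid = $entry.TrimStart('*')
            try {
                $obj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $name = $obj.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '<unresolved>' }
        } else {
            $sid = $null; $name = $entry # some accounts are written by name
        }
        New-Object psobject -Property @{
            Right = $Right; Sid = $sid; Account = $name
            # Anything other than BUILTIN\Administrators deserves a look
            Unexpected = ($sid -ne 'S-1-5-32-544')
        }
    }
}

# Constructed sample policy lines (not from a real machine): Users hold the right.
$sample = '[Privilege Rights]', 'SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545'
Get-UserRightHolders -InfLines $sample | Format-Table Account, Sid, Unexpected

# Live check against this machine's effective local policy.
$cfg = Join-Path $env:TEMP 'user-rights-audit.inf'   # assumed scratch path
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$holders = @(Get-UserRightHolders -InfLines (Get-Content $cfg))
Remove-Item $cfg -ErrorAction SilentlyContinue

if ($holders.Count -eq 0) { 'SeDebugPrivilege: no holders' }
else { $holders | Format-Table Account, Sid, Unexpected }
```

An empty result on a frozen workstation matches the post's statement that Deep Freeze revokes the right; any row marked `Unexpected` is an account to review alongside local Administrators membership.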