>>http://security.tombom.co.uk/shatter.html
>
>Hi Al,
>
>I gather from this article that the danger only exists once an attacker gains access to your machine. I.e. it does not present a new way of entering, but it indicates a greater threat once the malicious user or code has gotten in. The implication, however, is that certain types of usage present a much greater risk than previously disclosed, as in this quote:
>
>Even worse is the case of Terminal Services (or Citrix). Imagine a company providing terminal service functionality to their clients, for whatever purpose. That company is NOT going to give their users any real privileges. Shatter attacks will allow those users to completely take over that server; localsystem privileges are higher than the Administrator, and on a shared server that's a problem. Oh, and it doesn't require console access either - I've successfully executed these attacks against a Terminal Server a hundred miles away.
>
>It would also seem that the precaution of avoiding connections to the Internet when logged in with Administrator privileges, i.e. using a login id with a lower privilege level, is less of a protection that I had previously thought. Aside from the Citrix/Terminal Server scenario, I'm not sure what other standard approach to building web-based applications would be wide open to this type of threat, but I'd be curious to understand that better.
>
>Thank you very much for bringing this very interesting reference to our attention.
>
>Mike

But, any virus or worm that gains access to your computer can use this exploit to elevate its privlidges to LocalSystem regardles of the priviedge level of the user, and if the last year is any indicator, all efforts to secure MS platforms have been essentially futile. If admin machines are connected to the intranet when some user connects to the internet and that user gets infected by what ever, or relays infected email or apps, the virus only has to find the Master Browser and propagate from there.