Such a great exploit because it doesn’t require you to know about arcane stuff like buffer overflows. Even a casual user could follow the process. So much of security seems to be just minimizing the attack surface so you have less to think about. Why does someone need to be able to print a tooltip in the sign in dialog? It’s absurd. Once you involve printing, you are letting in all kinds of third party stuff that isn’t secure at all. Even if you want to permit printing of tooltips or help in general, they should have had a “secure context” where such features are disabled. Similar stuff in PDFs too, where 99% of the use of random features in PDFs like 3D models or scripting was for security exploits. Keep it simple by default and avoid that stuff!

> Why does someone need to be able to print a tooltip in the sign in dialog? It’s absurd.

I doubt that it was intentional. Although careful deploying systems, I have often a feeling that we must have forgotten something that is trivially exploitable by someone. I wonder if there are provably secure systems in use somewhere...

> provably secure systems in use somewhere...

There are. Check out sel4 and dependent type systems.

Yes, I've heard of those. What I wanted to write is "widely used" even at the user level (GUI programs, web applications, etc.).

You prompted me to read more about seL4; the white paper is nice [1].

[1] https://sel4.systems/About/seL4-whitepaper.pdf

This doesn't bypass the lock screen...

This lets you run any app. And it works in any window that has the context help icon in the titlebar, including the "Welcome to Windows" lock screen.

No, the Android "secret browser" doesn't bypass the lock screen.

Sorry, I misunderstood your comment - I thought you were referring to the Win9x lock screen.